Beware of Cryptolocker
Posted by Bazz, Monday, 7 September 2015 4:16:33 PM
Bazz
Looks like you have a Trojan keylogger lurking somewhere in your system. My advice: reload your o/s.
Posted by chrisgaff1000, Monday, 7 September 2015 6:57:41 PM
Surely that is a criminal offence.
And you have their presumably traceable payment details, so give that to the police.
People are always sending bogus dodgy emails allegedly from reputable companies. The giveaway is usually the return email address, which doesn't match the company (e.g. a "Paypal" notice from "humtrextiy.com"). Look before you click.
Posted by Shockadelic, Monday, 7 September 2015 8:47:39 PM
Chrissgaff, the following is part of the details required to pay the ransom demand.
>> [=] What should I do next? You should visit our website (http://6o4xqbd4cpmumytk.torprovider.su/ho2dkb0.php?user_code=ckh9w0&user_pass=5127) and buy decryption for your PC.
[=] I can not access to your website, what should I do? Our website should be accessible from one of these links:
http://6o4xqbd4cpmumytk.torprovider.su/ho2dkb0.php?user_code=ckh9w0&user_pass=5127
http://6o4xqbd4cpmumytk.onion.to/ho2dkb0.php?user_code=ckh9w0&user_pass=5127
http://ergdzsjgpvsc5rvj.onion.city/ho2dkb0.php?user_code=ckh9w0&user_pass=5127
http://6o4xqbd4cpmumytk.onion/ho2dkb0.php?user_code=ckh9w0&user_pass=5127 (using TOR browser)
If for any reasons these addresses are not available please follow the steps:
1. Download and install TOR-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: http://6o4xqbd4cpmumytk.onion/ho2dkb0.php?user_code=ckh9w0&user_pass=5127
4. Access to our website
Also you can contact us via email: decrypthelp@mail15.com<<
Shockadelic, we paid in bitcoin, it's like Paypal but the receiver's details are encrypted, even bitcoin can not trace them. Transfer sites like this are used to pay for all sorts of illegal stuff.
Posted by sonofgloin, Tuesday, 8 September 2015 9:25:41 AM
Foxy>> One question though - don't you have any security on your computer that would warn you of anything suss?<<
Hi Foxy. Yes, we have security but the email did not trigger a warning from our virus alert, further the email had all the Australia Post logos and even ads for other products that Aust Post provide. The email tells you that a parcel was not delivered and to click on a tab to get the relevant number to retrieve it, soon as you do that you are gone......thanks Foxy.
Posted by sonofgloin, Tuesday, 8 September 2015 9:31:34 AM
Chrissgaff, not likely to be a resident keylogger.
I never enter the Telstra account number as I do a transfer from Netbank and it holds the account numbers for the transfers that I do. I passed the details onto the scam site. I notice the websites that Sonofgloin are for the tor system so they are to all intents untraceable. Your data enters the site and gets scrambled and comes out out of order from other data and you can't ascertain which was your data. They just copy a real page and change the url for your reply. If in doubt right click on the button they give and look to see if the url is the genuine one. They sometimes use a very similar url with just a minor change.
Posted by Bazz, Tuesday, 8 September 2015 5:34:45 PM
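The link check described in the post above, automated as an added example that is not part of the original thread: it pulls every link out of an HTML email body and reports whether the host it really points to is the genuine one, a near-copy, or unrelated. The `GENUINE` list, the 0.85 similarity threshold, the function names and the sample email are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains you have actually used for these senders in the past.
GENUINE = {"telstra.com.au", "auspost.com.au"}

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify(href, genuine=GENUINE):
    """Return 'genuine', 'lookalike' or 'foreign' for the host a link points to."""
    host = (urlsplit(href).hostname or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in genuine):
        return "genuine"
    # Real name buried inside another domain, or the real name with a minor change.
    if any(d.split(".")[0] in host or
           SequenceMatcher(None, host, d).ratio() >= 0.85 for d in genuine):
        return "lookalike"
    return "foreign"

def audit(html, genuine=GENUINE):
    parser = LinkCollector()
    parser.feed(html)
    return [(text, href, classify(href, genuine)) for href, text in parser.links]

# Constructed sample email body, not taken from a real message.
SAMPLE = """
<a href="https://www.telstra.com.au/my-account">My Account</a>
<a href="http://telstra.com.au.billing-example.test/pay">Pay now</a>
<a href="http://te1stra.com.au/pay">View bill</a>
<a href="http://parcel-example.test/track?id=1">www.auspost.com.au/track</a>
"""

if __name__ == "__main__":
    for text, href, verdict in audit(SAMPLE):
        print(f"{verdict:9} {text!r} -> {href}")
```

The last sample link shows why the visible text proves nothing: it displays a genuine address while the `href` goes somewhere else.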
they are always behind the baddies in time.
I normally get my Telstra bill by email and pay it on line.
One day I got an email to say I was in arrears and had sent the wrong amount.
They attached the bill which was a higher amount by a few dollars.
I was almost convinced, but kept looking down the bill and at the
bottom it said Telstra is a Trademark of Bigpond Corporation.
I was then certain it was a furphy!
Except for that one line it looked just like the real thing.
They gave a button to click which had a different url to Telstra.
That is the sort of thing that leads to the crypto or other fiddles.
In that sort of thing NEVER use the supplied button, url link but
always look up the genuine one that you normally have used in the past.
What worried me was that they had my Telstra account number and phone number on the "bill"!