OS X users hit by ransomware websites posing as FBI notices; easy fix

Malwarebytes takes a look at a method cyber-criminals have begun using to target Mac users with ‘ransomware,’ hijacking the user’s browser with a notice demanding payment of $300 in order to release control of the application,” Eric Slivka reports for MacRumors. “While similar malware has affected Windows systems for a number of years, Mac users have only rarely seen such efforts targeted at themselves.”

The ransomware page is being pushed onto unsuspecting users browsing regular sites but in particular when searching for popular keywords. Warnings appearing to be from the FBI tell the victim: “you have been viewing or distributing prohibited Pornographic content. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300.”Malwarebytes

“Rather than a sophisticated hijack of the actual browser software or an installation of a trojan, the ransomware is merely a simple webpage using JavaScript to load 150 iframes that require confirmation to be dismissed, with the authors hoping that users will give up long before they dismiss all of the dialog boxes and simply pay the ransom,” Slivka reports. “The report details one method to escape the ransomware involving resetting Safari, but misses a far simpler tactic: Simply holding down the Shift key while relaunching Safari will prevent it from reopening windows and tabs from the previous session.”

Read more in the full article here.

23 Comments

  1. Interesting scam. I wonder how Apple is going to respond. Two options I can see right off the bat – (1) make reopening the last page in Safari no longer the default (maybe steal Firefox’s behavior here) or (2) add this scam website ongoing list of websites blacklisted by Safari.

    Maybe they’ll find a more clever, less invasive solution. Seems like there’s got to be a way to stop JavaScript from interrupting multiple attempts to leave a single webpage, even with the iframe trick.

      1. Don’t like that! 1-5 sounds like enough to break some web pages legitimately using dialog boxes, while still annoying some people enough to fall for the scam.

        1. That I know. I was amused and saddened because it was from a “catholic priest”. Amused because of the catholic church and altar boy scandals and a “catholic priest” paying up … and saddened because of the truth of it. All at the same time.

          I don’t believe he paid up… nor do I believe it is in fact a priest. It was a good comment from someone with a supposed “vested” interest.

  2. So why doesn’t the FBI nuke these sites since they are presenting themselves as a federal law enforcement page? Even if they are out of the country, they should be no less a target of the fed’s hackers…

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.