“Malwarebytes takes a look at a method cyber-criminals have begun using to target Mac users with ‘ransomware,’ hijacking the user’s browser with a notice demanding payment of $300 in order to release control of the application,” Eric Slivka reports for MacRumors. “While similar malware has affected Windows systems for a number of years, Mac users have only rarely seen such efforts targeted at themselves.”
The ransomware page is being pushed onto unsuspecting users browsing regular sites but in particular when searching for popular keywords. Warnings appearing to be from the FBI tell the victim: “you have been viewing or distributing prohibited Pornographic content. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300.” – Malwarebytes
“Rather than a sophisticated hijack of the actual browser software or an installation of a trojan, the ransomware is merely a simple webpage using JavaScript to load 150 iframes that require confirmation to be dismissed, with the authors hoping that users will give up long before they dismiss all of the dialog boxes and simply pay the ransom,” Slivka reports. “The report details one method to escape the ransomware involving resetting Safari, but misses a far simpler tactic: Simply holding down the Shift key while relaunching Safari will prevent it from reopening windows and tabs from the previous session.”
Read more in the full article here.
This happened to me last night while on stumble upon on my iPad. Luckily I was in chrome.
Interesting scam. I wonder how Apple is going to respond. Two options I can see right off the bat – (1) make reopening the last page in Safari no longer the default (maybe steal Firefox’s behavior here) or (2) add this scam website ongoing list of websites blacklisted by Safari.
Maybe they’ll find a more clever, less invasive solution. Seems like there’s got to be a way to stop JavaScript from interrupting multiple attempts to leave a single webpage, even with the iframe trick.
I think preventing any site from opening more than 1-5 dialog boxes or windows would do the trick.
Don’t like that! 1-5 sounds like enough to break some web pages legitimately using dialog boxes, while still annoying some people enough to fall for the scam.
Crap, happened to me last night and I paid the fee. Figured $300 was well worth it.
I also paid
I don’t know whether to laugh or cry.
There’s always people who pay, unfortunately. Online scams like this continue for long as they keep making money.
That I know. I was amused and saddened because it was from a “catholic priest”. Amused because of the catholic church and altar boy scandals and a “catholic priest” paying up … and saddened because of the truth of it. All at the same time.
I don’t believe he paid up… nor do I believe it is in fact a priest. It was a good comment from someone with a supposed “vested” interest.
I traced the IP. Led back to a room at the Department of Justice.
They moved it to the back room? I’m scared to see what’s out front . . . .
It could just be a proxy. In fact, that is more than likely what it is.
So why doesn’t the FBI nuke these sites since they are presenting themselves as a federal law enforcement page? Even if they are out of the country, they should be no less a target of the fed’s hackers…
Because this is ‘uhmerica’ and they have the freedom of speech.
Even in “uhmerica”, fraud is not protected free speech. And, posing as a law enforcement official is specifically illegal.
Plug in your sarcasm detector.
I’ll pay with false account information so when they try and collect, the real FBI will be after them! – Joe Friday.
dum-ta-dumdum. DUMMM!*
*courtesy of the late, great Dr. Miklos Rozsa.
If you were viewing prohibited Pornography, the FBI would be knocking on your door (if not kicking it in), not asking for $300
Sorry I’m late to this thread, I had to close 150 windows about something or other.
Never had a problem here.
Was watching a funny cat video and the FBI warning popped up… Yea fake took me all about 25 sec to learn it was fake.
They asked me for $500
Had this problem before ,the website said I was watching illegal things on my phone . I knew it was fake I just went to the settings and cleared my browsing data since I was on my phone. I would’ve been in jail already if it was real. Anyways I would never watch that.