MALWAREVILLE—How cleverly evil of the bad guys to come up with a malware-based scam that uses a fake warning by the FBI to scare people into parting with their money. Malwarebytes security researcher Jerome Segura discovered the scam and wrote about it Monday on the company blog.
“The ransomware page is being pushed onto unsuspecting users browsing regular sites but in particular when searching for popular keywords,” he wrote. “Warnings appearing to be from the FBI tell the victim: ‘you have been viewing or distributing prohibited Pornographic content. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300.’”
This time, though, the scammers are also targeting Mac users. “The bad guys know there is a growing market of Apple consumers who, for the most part, feel pretty safe about browsing the Internet on a Mac without the need for any security product,” wrote Segura. “Cyber-criminals, well known for not re-inventing the wheel, have ‘ported’ the latest ransomware to OS X, not by using some complicated exploit but rather leveraging the browser and its ‘restore from crash’ feature.”
The fake FBI warning page does not just go away, of course. “If you choose to ignore the message (which you should), you cannot get rid of the page,” warns Segura. “Repeated attempts to close the page will only lead to frustration as even the ‘Leave Page’ browser trick does not work. If you ‘force quit’ the application, the same ransomware page will come back the next time you restart Safari because of the ‘restore from crash’ feature, which loads back the last URL visited before the browser was quit unexpectedly. Talk about a vicious circle.”
There is a relatively simple work-around—“Click on the Safari menu and then choose ‘Reset Safari’”—but Segura still suspects that it will be a money-maker, writing, “You can bet many people are going to fall for this scam and pay the ransom money, filling the bad guys’ pockets.”
Thoughtfully, he also provides a video tutorial on how to get rid of the FBI ransomware for OS X.
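The reason the page keeps coming back is that the browser's saved session still names the last URL it had open. As an added illustration, not code from the article or from Malwarebytes, the Python below parses a session file in the shape Safari's LastSession.plist is assumed to take (the SessionWindows, TabStates, TabURL and TabTitle keys are an assumption), lists what would be reopened, and prunes tabs on a blocked host; the sample plist and the host ransom.example are constructed placeholders, not indicators from the article.

```python
import plistlib
from urllib.parse import urlparse

# Constructed sample in the assumed shape of Safari's LastSession.plist:
# a SessionWindows array whose windows hold TabStates with TabURL/TabTitle.
# The ransom.example URL is a placeholder, not a real indicator.
SAMPLE_SESSION = plistlib.dumps({
    "SessionWindows": [
        {"TabStates": [
            {"TabTitle": "Apple", "TabURL": "https://www.apple.com/"},
            {"TabTitle": "FBI. ATTENTION!",
             "TabURL": "http://ransom.example/fbi-warning.html"},
        ]}
    ]
})


def restored_urls(session_bytes):
    """Return every URL the browser would reopen from this session file."""
    session = plistlib.loads(session_bytes)
    return [tab["TabURL"]
            for window in session.get("SessionWindows", [])
            for tab in window.get("TabStates", [])]


def prune_session(session_bytes, blocked_hosts):
    """Drop tabs whose host is in blocked_hosts.

    Returns (cleaned_session_bytes, list_of_removed_urls) so a triage
    script can show the user what was removed before the browser relaunches.
    """
    session = plistlib.loads(session_bytes)
    removed = []
    for window in session.get("SessionWindows", []):
        kept = []
        for tab in window.get("TabStates", []):
            host = urlparse(tab.get("TabURL", "")).hostname or ""
            if host in blocked_hosts:
                removed.append(tab["TabURL"])
            else:
                kept.append(tab)
        window["TabStates"] = kept
    return plistlib.dumps(session), removed


if __name__ == "__main__":
    print("would restore:", restored_urls(SAMPLE_SESSION))
    cleaned, gone = prune_session(SAMPLE_SESSION, {"ransom.example"})
    print("removed:", gone)
    print("remaining:", restored_urls(cleaned))
```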
Even better, a reader of the Malwarebytes blog posted a comment that appears to improve upon Segura’s work-around, reprinted here: