Ransomware Mimics FBI Porn Warning; Targets Macs, Too

MALWAREVILLE—How cleverly evil of the bad guys to come up with a malware-based scam that uses a fake warning by the FBI to scare people into parting with their money. Malwarebytes security researcher Jerome Segura discovered the scam and wrote about it Monday on the company blog.

“The ransomware page is being pushed onto unsuspecting users browsing regular sites but in particular when searching for popular keywords,” he wrote. “Warnings appearing to be from the FBI tell the victim: ‘you have been viewing or distributing prohibited Pornographic content. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300.’”

This time, though, the scammers are also targeting Mac users. “The bad guys know there is a growing market of Apple consumers who, for the most part, feel pretty safe about browsing the Internet on a Mac without the need for any security product,” wrote Segura. “Cyber-criminals, well known for not re-inventing the wheel, have ‘ported’ the latest ransomware to OS X, not by using some complicated exploit but rather leveraging the browser and its ‘restore from crash’ feature.”

The fake FBI warning page does not just go away, of course. “If you choose to ignore the message (which you should), you cannot get rid of the page,” warns Segura. “Repeated attempts to close the page will only lead to frustration as even the ‘Leave Page’ browser trick does not work. If you ‘force quit’ the application, the same ransomware page will come back the next time you restart Safari because of the ‘restore from crash’ feature which loads back the last URL visited before the browser was quit unexpectedly. Talk about a vicious circle.”

There is a relatively simple work-around—“Click on the Safari menu and then choose ‘Reset Safari’”—but Segura still suspects that it will be a money-maker, writing, “You can bet many people are going to fall for this scam and pay the ransom money, filling the bad guys’ pockets.”

Thoughtfully, he also provides a video tutorial on how to get rid of the FBI ransomware for OS X.

Even better, a reader of the Malwarebytes blog posted a comment that appears to improve upon Segura's work-around, reprinted here:

"The average Mac computer user will not know how to do many of the solutions posted here and, being non-technical, is the most likely to fall for the scam. The easiest solution for them is not the solution described because ‘Reset Safari’ will lose their name-password combinations, auto-fill data and a host of other things they will fret about for having been lost. Why nuke when a bullet will do?

"The easier and safer solution for the non-technical is to Force Quit Safari (hold the Option key while selecting Safari in the dock), then restart Safari while holding the Shift key. This will bring them back to their original homepage location without erasing most of their settings.

"Much easier to remember, easier to do, and less scary for the less technically inclined."