Back in July 2013, we discovered a new method of spreading the infamous FBI ransomware by using JavaScript code and iframes to create an illusion that the victim’s browser was locked.
After several months, the threat is still very much alive, hopping from one domain name to the next. The message is still the same and along these lines: “you have been downloading copyrighted material or pornographic images and you could go to jail… unless you pay the fine”.
But here’s a new twist being added: not only do you have to pay the first ransom to unlock your browser (USD$300), but a second screen comes up afterwards with a processing fee (USD$450) to delete all criminal records.
The page shows a picture of your “criminal records” being burned. The bad guys are clear that you must use a different voucher to pay that second fee:
“IMPORTANT: Entering the same MoneyPak code that was used at previous step will not delete your criminal records from FBI base. If you want to delete all criminal records you need to enter another $450 Moneypak code.”
In other words, some victims may fork over up to USD$750 in this latest ransomware scheme.
In some cases such as the UK, the payment is split in two (perhaps to avoid suspicion):
All other countries have similar pages:
This new trend shows that ransomware is an effective business model for cyber-criminals who are not afraid to demand more and more from their victims.
Jerome Segura (@jeromesegura) is a senior security researcher at Malwarebytes.
That’s it? How about telling us what to do if it appears on our computers!~
Hi there, thanks for the comment! Running Malwarebytes Anti-Malware Premium or any antivirus/antimalware solution should detect and defeat the malware before you get infected. However, if you DO get infected, there are a number of ways to remove the threat, depending on the design of the Ransomware. You could:
– Reboot the system into Safe Mode and run MBAM to get rid of the Ransomware
– Use a boot disk from Kaspersky (as described here: https://blog.malwarebytes.org/intelligence/2012/12/ransomware/ ) if the above method doesn’t work.
The best offense is a good defense at the end of the day.