FBI Ransomware Shifts Target Towards Mac OS X Users

As we have heard recently, Mac OS X is not invincible against viruses, malware, or any crapware. Here is another case of this situation.

Recently, Malwarebytes uncovered that the FBI Ransomware (which has no affiliated with the FBI in any way), which has been plaguing Windows computer for a few years now, is now directing its targets towards Mac OS X users. They say that the page is being pushed onto unsuspecting users browsing regular sites, though usually when searching for popular keywords.

The ransom page tells the victim: “you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300.”

Though most of these types of pages could be alleviated easily by leaving the web page, this ransom tries to stick to the browsing history. By using the browser’s ‘restore from crash feature’ and some little JavaScript code, the ransom prevents you from leaving the page. If you try to leave the ransom page, the ransom will block you from leaving the page by creating an infinite loop of leave requests. If you force quit the browser, the ransomware comes back when you reopen the application.

While the ransomware can be annoying, Malwarebytes found a quick and easy way of removing the ransomware. By clearing the browser’s history and resetting the browser, the ransom cannot stick to the browser’s history, and alleviating the ransom.

We would also recommend using something like OpenDNS with certain features set to prevent the user from actually going to the page.

While this form of crapware can be easily alleviated, it is likely some script kiddies will find a way to make it harder to remove the crapware. It is a good time to get a good plan to remove these junk before things get worse.