OS X Users Hit by Ransomware Websites Posing as FBI Notices

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jul 16, 2013.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Malwarebytes takes a look at a method cyber-criminals have begun using to target Mac users with "ransomware", hijacking the user's browser with a notice demanding payment of $300 in order to release control of the application. While similar malware has affected Windows systems for a number of years, Mac users have only rarely seen such efforts targeted at themselves.
    [​IMG]
    Rather than a sophisticated hijack of the actual browser software or an installation of a trojan, the ransomware is merely a simple webpage using JavaScript to load 150 iframes that require confirmation to be dismissed, with the authors hoping that users will give up long before they dismiss all of the dialog boxes and simply pay the ransom. As the report notes, a feature on OS X that reopens previously open windows after relaunching an app means that users generally can not simply close and reopen Safari in order to escape the ransomware.

    The report details one method to escape the ransomware involving resetting Safari, but misses a far simpler tactic: Simply holding down the Shift key while relaunching Safari will prevent it from reopening windows and tabs from the previous session. Users can also completely disable the reopening feature across OS X from the General pane of System Preferences. Many OS X users may, however, be unfamiliar with such options and find themselves trapped by the ransomware webpage.

    The report notes that the ransomware authors are targeting users based on popular search terms, with one example stumbled upon through an image search result for Taylor Swift on Bing.

    Article Link: OS X Users Hit by Ransomware Websites Posing as FBI Notices
     
  2. macrumors 601

    Mr. Retrofire

    Joined:
    Mar 2, 2010
    Location:
    www.emiliana.cl
    #2
    Sounds dangerous. Let us switch to Linux.

    ;-)
     
  3. macrumors 603

    notjustjay

    Joined:
    Sep 19, 2003
    Location:
    Canada, eh?
    #3
    This is exactly why I don't like (and will turn off) the "re-open all previously open windows" feature. Even accidental Javascript errors can result in endless windows, and errors like that are much easier to clear by quitting and restarting.
     
  4. macrumors regular

    Joined:
    Oct 5, 2011
    #4
    Well at least it only blocks the browser. I've had to fix 2 Windows machines for people with these things and they completely lock the whole system as well as installing a load of crap with it.
     
  5. macrumors 6502a

    Joined:
    Jul 23, 2002
    Location:
    at the end of the hall
    #5
    Who falls for a thing that says its the FBI and to pay a fine you use gas station money cards? Really?
     
  6. macrumors 65816

    Nightarchaon

    Joined:
    Sep 1, 2010
    #6
    this is why that feature was the 1st thing i turned off when i upgraded my macbook pro/bought my new iMac

    Useless Feature IMO, i use a script to start up the programs i need with a single click, and tie that to startup. i prefer clean starts when i restart a program, not a cached copy of the program from earlier

    This is why we need to Kill Java as well as flash, ASAP
     
  7. macrumors 604

    ravenvii

    Joined:
    Mar 17, 2004
    Location:
    Melenkurion Skyweir
    #7
    You'd be surprised.
     
  8. macrumors 65832

    Tankmaze

    Joined:
    Mar 7, 2012
    #8
    good PSA from macrumors!

    this is true, it can even fool me (consider myself as a geek).
     
  9. macrumors 6502

    chumawumba

    Joined:
    Aug 9, 2012
    Location:
    Ask the NSA
    #9
    Only real stupid people would fall for that.

    Unfortunately...


    This is America so I wouldn't be surprised.
     
  10. macrumors 6502a

    TsunamiTheClown

    Joined:
    Apr 28, 2011
    Location:
    Fiery+Cross+Reef
    #10
    I have paid this ransom like 3 times today and still no sense of absolution.
     
  11. macrumors newbie

    Joined:
    Feb 5, 2013
    #11
    But when you use ForceQuit does it not just load the homepage from your preferences? So to "solve" the problem you just go there and set it back to apple.com, google.com or whatever?

    Way too many people.
     
  12. macrumors regular

    SmoMo

    Joined:
    Aug 20, 2011
    #12
    …oh so it was a Scam?

    Now how do I get my $300 back?
     
  13. macrumors 6502

    scbn

    Joined:
    Jul 25, 2010
    #13
    Let me guess: those blackmailing guys are from Eastern Europe or Russia?
     
  14. macrumors 68020

    TMRaven

    Joined:
    Nov 5, 2009
    #14
    If the fbi finds out you're distributing child porn you're going to jail, not paying 300 dollars. Hahaha.
     
  15. SandboxGeneral, Jul 16, 2013
    Last edited: Jul 16, 2013

    Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Detroit, Michigan
    #15
    This is the perfect use of NoScript for Firefox and ScriptNo for Chrome.

    These excellent extensions for each browser prevents these types of things from running without user authorization.

    Edit: Looks there is an extension for Safari: http://javascript-blocker.toggleable.com/

    Regarding the extension for Safari, there is a disclaimer associated with it. It turns out, due to Apple, this extension isn't as robust and powerful as those for Chrome or Firefox. but should nontheless help out.
     
  16. macrumors 68000

    dernhelm

    Joined:
    May 20, 2002
    Location:
    middle earth
    #16
    Exactly. That's one of the first things I do when I help someone else with any problem with their Mac. That "feature" should never have been enabled by default. Its one of those "sounds great when you discuss it, but doesn't work in practice" type features.
     
  17. macrumors 65816

    bacaramac

    Joined:
    Dec 29, 2007
    #17
    Wow, at least make it more believable. Pay $300 to unlock browser? Ok, why don't you at least write something along the lines

    "There was a new law that passed that allows settlement of these fines at $300. You may pay the $300 settlement fine now or legal action may pursue against you. You will have the right to defend your case in court. blah blah"

    At least make the $300 believable. Who falls for this crap, seriously.
     
  18. macrumors 65816

    Joined:
    Mar 17, 2009
    #18
    Try mastercard instead.
     
  19. macrumors regular

    Joined:
    Mar 21, 2013
    #19
    Apple users are more willing to pay for digital things.
    I wonder if the a$$hat who is doing this had that in mind.
     
  20. macrumors 6502a

    Joined:
    Jun 20, 2012
    Location:
    London, UK
    #20
    Pretty obviously fake, as if the FBI would use phrases like 'child porno photos and etc were found on your computer'. Still I suppose it only takes a very small fraction of people seeing this to pay up to make the criminals a decent amount of cash.
     
  21. macrumors 6502a

    Joined:
    Dec 30, 2011
    #21
    it really is unfortunate that people fall for these sort of things
     
  22. macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Cuidad de México
    #22
    Apple's "helpful" defaults are more annoying than anything else.
     
  23. macrumors demi-god

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #23
    Do you happen to know if there is a similar extension for Safari?
     
  24. macrumors 6502a

    Joined:
    Feb 18, 2010
    Location:
    Terra Australis
    #24
    Honestly, if people really fall for these tricks they should not be anywhere near a computer and they deserve to be ripped off - hopefully they might learn from it. For god's sake the URL alone is enough to make you realise its dodgy. People should NOT be told to keep pressing OK buttons on dialogue boxes as this can introduced more problems. Notice the user in the video did not got to preferences and change the home page, or Hold shift and Start safari either.
     
  25. macrumors 68030

    macs4nw

    #25
    There's just no limit to the ingenuity of greedy crooks, is there?
     

Share This Page