OS X Users Hit by Ransomware Websites Posing as FBI Notices

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jul 16, 2013.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Malwarebytes takes a look at a method cyber-criminals have begun using to target Mac users with "ransomware", hijacking the user's browser with a notice demanding payment of $300 in order to release control of the application. While similar malware has affected Windows systems for a number of years, Mac users have only rarely seen such efforts targeted at themselves.
    Rather than a sophisticated hijack of the actual browser software or an installation of a trojan, the ransomware is merely a simple webpage using JavaScript to load 150 iframes that require confirmation to be dismissed, with the authors hoping that users will give up long before they dismiss all of the dialog boxes and simply pay the ransom. As the report notes, a feature on OS X that reopens previously open windows after relaunching an app means that users generally cannot simply close and reopen Safari in order to escape the ransomware.

    The report details one method to escape the ransomware involving resetting Safari, but misses a far simpler tactic: Simply holding down the Shift key while relaunching Safari will prevent it from reopening windows and tabs from the previous session. Users can also completely disable the reopening feature across OS X from the General pane of System Preferences. Many OS X users may, however, be unfamiliar with such options and find themselves trapped by the ransomware webpage.

    The report notes that the ransomware authors are targeting users based on popular search terms, with one example stumbled upon through an image search result for Taylor Swift on Bing.

    Article Link: OS X Users Hit by Ransomware Websites Posing as FBI Notices
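
The escape route described in the post above, done from Terminal instead of with the Shift key (an added example, not from MacRumors or the Malwarebytes report). The two saved-session paths and the `NSQuitAlwaysKeepsWindows` key are assumptions about OS X 10.7/10.8, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: stop Safari from restoring the hijacking page on relaunch.
# Run after quitting (or force-quitting) Safari.

# Move Safari's session-restore data aside. Items are kept in a backup
# directory rather than deleted, so they can be examined or restored later.
# $1 = home directory to operate on; prints the number of items moved.
safari_drop_saved_session() {
    home=$1
    backup="$home/safari-session-backup.$$"
    moved=0
    # Assumed locations of the window state and last-session tab list.
    for item in \
        "$home/Library/Saved Application State/com.apple.Safari.savedState" \
        "$home/Library/Safari/LastSession.plist"
    do
        if [ -e "$item" ]; then
            mkdir -p "$backup" || return 1
            mv "$item" "$backup/" || return 1
            moved=$((moved + 1))
        fi
    done
    echo "$moved"
}

# Turn off window restoration for all apps. The key is assumed to be the
# preference behind the checkbox in the General pane of System Preferences.
# Returns 1 without changing anything when `defaults` is unavailable
# (that is, when not running on OS X).
disable_window_restore() {
    command -v defaults >/dev/null 2>&1 || return 1
    defaults write -g NSQuitAlwaysKeepsWindows -bool false
}

# Typical use:
#   safari_drop_saved_session "$HOME" && disable_window_restore
```
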
  2. Mr. Retrofire macrumors 601


    Mar 2, 2010
    Sounds dangerous. Let us switch to Linux.

  3. notjustjay macrumors 603


    Sep 19, 2003
    Canada, eh?
    This is exactly why I don't like (and will turn off) the "re-open all previously open windows" feature. Even accidental Javascript errors can result in endless windows, and errors like that are much easier to clear by quitting and restarting.
  4. ryansimmons323 macrumors regular

    Oct 5, 2011
    Well at least it only blocks the browser. I've had to fix 2 Windows machines for people with these things and they completely lock the whole system as well as installing a load of crap with it.
  5. primalman macrumors 6502a

    Jul 23, 2002
    at the end of the hall
    Who falls for a thing that says it's the FBI and to pay a fine you use gas station money cards? Really?
  6. Nightarchaon macrumors 65816


    Sep 1, 2010
    this is why that feature was the 1st thing i turned off when i upgraded my macbook pro/bought my new iMac

    Useless Feature IMO, i use a script to start up the programs i need with a single click, and tie that to startup. i prefer clean starts when i restart a program, not a cached copy of the program from earlier

    This is why we need to Kill Java as well as flash, ASAP
  7. ravenvii macrumors 604


    Mar 17, 2004
    Melenkurion Skyweir
    You'd be surprised.
  8. Tankmaze macrumors 68000


    Mar 7, 2012
    good PSA from macrumors!

    this is true, it can even fool me (consider myself as a geek).
  9. chumawumba macrumors 6502


    Aug 9, 2012
    Ask the NSA
    Only real stupid people would fall for that.


    This is America so I wouldn't be surprised.
  10. TsunamiTheClown macrumors 6502a


    Apr 28, 2011
    I have paid this ransom like 3 times today and still no sense of absolution.
  11. deKay macrumors newbie

    Feb 5, 2013
    But when you use ForceQuit does it not just load the homepage from your preferences? So to "solve" the problem you just go there and set it back to apple.com, google.com or whatever?

    Way too many people.
  12. SmoMo macrumors regular


    Aug 20, 2011
    …oh so it was a Scam?

    Now how do I get my $300 back?
  13. scbn macrumors 6502


    Jul 25, 2010
    Let me guess: those blackmailing guys are from Eastern Europe or Russia?
  14. TMRaven macrumors 68020


    Nov 5, 2009
    If the fbi finds out you're distributing child porn you're going to jail, not paying 300 dollars. Hahaha.
  15. SandboxGeneral, Jul 16, 2013
    Last edited: Jul 16, 2013

    SandboxGeneral Moderator


    Staff Member

    Sep 8, 2010
    Orbiting a G-type Main Sequence Star
    This is the perfect use of NoScript for Firefox and ScriptNo for Chrome.

    These excellent extensions for each browser prevent these types of things from running without user authorization.

    Edit: Looks like there is an extension for Safari: http://javascript-blocker.toggleable.com/

    Regarding the extension for Safari, there is a disclaimer associated with it. It turns out, due to Apple, this extension isn't as robust and powerful as those for Chrome or Firefox, but should nonetheless help out.
  16. dernhelm macrumors 68000


    May 20, 2002
    middle earth
    Exactly. That's one of the first things I do when I help someone else with any problem with their Mac. That "feature" should never have been enabled by default. It's one of those "sounds great when you discuss it, but doesn't work in practice" type features.
  17. bacaramac macrumors 65816


    Dec 29, 2007
    Wow, at least make it more believable. Pay $300 to unlock browser? Ok, why don't you at least write something along the lines

    "There was a new law that passed that allows settlement of these fines at $300. You may pay the $300 settlement fine now or legal action may pursue against you. You will have the right to defend your case in court. blah blah"

    At least make the $300 believable. Who falls for this crap, seriously.
  18. stuffradio macrumors 65816

    Mar 17, 2009
    Try mastercard instead.
  19. jonAppleSeed macrumors regular

    Mar 21, 2013
    Apple users are more willing to pay for digital things.
    I wonder if the a$$hat who is doing this had that in mind.
  20. everything-i macrumors 6502a

    Jun 20, 2012
    London, UK
    Pretty obviously fake, as if the FBI would use phrases like 'child porno photos and etc were found on your computer'. Still I suppose it only takes a very small fraction of people seeing this to pay up to make the criminals a decent amount of cash.
  21. uknowimright macrumors 6502a


    Dec 30, 2011
    it really is unfortunate that people fall for these sort of things
  22. Eidorian macrumors Penryn


    Mar 23, 2005
    Apple's "helpful" defaults are more annoying than anything else.
  23. Shrink macrumors G3


    Feb 26, 2011
    New England, USA
    Do you happen to know if there is a similar extension for Safari?
  24. ArmCortexA8 macrumors 6502a

    Feb 18, 2010
    Terra Australis
    Honestly, if people really fall for these tricks they should not be anywhere near a computer and they deserve to be ripped off - hopefully they might learn from it. For god's sake the URL alone is enough to make you realise it's dodgy. People should NOT be told to keep pressing OK buttons on dialogue boxes as this can introduce more problems. Notice the user in the video did not go to preferences and change the home page, or hold Shift and start Safari either.
  25. macs4nw macrumors 601


    There's just no limit to the ingenuity of greedy crooks, is there?
