My grandparents that use Windows have fallen for this a few times. I am scared to see how hard this hits the OSX userbase.

OSX users are not necessarily less tech savvy but they don't expect to run into virus/false ransomware so I am guessing OSX user base gets hit a bit harder.
 
You said
Users can also completely disable the reopening feature across OS X from the General pane of System Preferences.

In Mountain Lion I see no such option unless it's "Close windows when quitting an application", which it says: "When selected, open documents and windows will not be restored when you re-open an application."
 
Well at least it only blocks the browser. I've had to fix 2 Windows machines for people with these things and they completely lock the whole system as well as installing a load of crap with it.

Only two? You're soooo lucky!

I've lost count :/ They're not super common but I've encountered them enough in the past several years and yes, it's annoying how they lock ALL files on Windows. :mad:
 
I still can't believe there are people out there who think the FBI accepts direct payments from the accused; never mind the huge flags given by the URL and the word content of the page.
 
A colleague of mine brought in his HP laptop to work to show me this exact problem in Windows 7 and IE. It only affected the user and not the whole system. His grandson was using the laptop over the weekend, but had signed in using his mom's ID (it was my colleague's laptop that had 2 users assigned to it). When my colleague signed into his account and started up IE it was fine. It was only IE under his daughter's account that was affected. We deleted her account not knowing what else to do, re-created another account for her and all was fine. Luckily his daughter hardly used the laptop. The grandson was banned from it from then on.

I hope you will let your colleague know that his grandson wasn't doing anything more than inadvertently getting caught in a phishing scam. At this point the whole family probably think that "Billy" was up to no good on the computer and is a bad, bad boy. It would be nice for him to know that it wasn't something he could have avoided.

Just sayin'
 
:confused: I get a lot of calls a day regarding ransomware viruses. Not just easy ones, either; not a case of logging in through Safe Mode and running MalwareBytes. They're not in %temp%, or %AppData%, in msconfig or startup folder. I'm talking ransomware that hooks itself on explorer.exe registry entries, in the depths of HKLM and HKCU. It's damn clever, but near enough bricks the computer. Boot into Safe Mode? It restarts the computer. Only way to do it is to boot into Safe Mode with Command Prompt (when it doesn't load up the explorer shell), and tell a person on the phone the exact registry keys to edit in order to temporarily disable the virus ... then reboot, we log in, and spend the next 4 hours cleaning up more viruses.

Also I'm inundated with calls when Security Centre is disabled, as are Windows Firewall and Windows Updates. No, not just 'disabled' as in 'restart it in services.msc', I mean malware deleted the registry entries (common theme?) so we have to re-add them, and then change the folder permissions in a certain registry key to add MpsSvc and give full permission to that, then you can see it in services.msc and re-enable it …

It's a PITA. It really is. Malware, spyware, adware, bloatware -- whatever you want to call it -- is a huge problem on Windows. People like you who are so willingly ignorant, who say things like: "Oh, I've never had a BSOD/virus infection/inexplicable Windows fail in xx years of using Windows computers" -- well, I call shenanigans. I really, really do.

If you think Windows is easy to use and doesn't have problems as long as you 'know what you're doing', you don't know anything more than the basics. If you think it's an easy OS to use, you haven't used enough of its features. And certainly, if you haven't heard of similar malware on Windows, then you're either a poor troll or you really do know nothing, Jon Snow.

And as an aside, I've always found that Apple-haters are far more aggressive and arrogant than the Apple lovers. It's a shame you've done little to disprove that.

/rant

You don't understand, Windows is itself, malware, bloatware, virus, trojan, etc, etc, etc. :D

The key, as most IT people know is, back up the data. It's easier to rebuild a pc from scratch than trying to disinfect it, if it's in the condition you're describing above. IMO.
 
The Windows version of this is not just a webpage running a script. It is an actual Trojan that locks up the system. And LOL at comparing a netbooted computer lab environment to a normal running environment.

Yup. I had this exact ransom trojan on my Windows machine last year. It froze everything and I couldn't get it off my computer. You can't even run an anti-virus program, everything's locked up.

Finally had to take my PC in to a shop to get rid of it. This one's nasty. Beware.
 
There is an easier way to solve this:


Open a New Window in Safari.

Go to History > Show All History.

Click once and press 'Delete', on each link which would be the cause of it.

Force Quit Safari.

Restart Safari and your problem will be solved.
 
You really need to tread carefully and exercise common sense when using the internet. I could see my 67 year old dad falling for this huge.

Yeh my dad has fallen for something like this before, not this exact one but something somewhat similar. The different generations think differently.
 
To answer a few questions, "How does someone get hit by this?"

Most of it is search engine optimization (SEO) poisoning. You get it through Google and Bing searches.

Bad guys cobble together a web page loaded with popular search keywords like celebrity news (Taylor Swift!) and pack it full of malicious scripts, Java and Flash and browser exploits, 99% of which have been patched already.

Their evil little page rises to the top of a search engine's results, a user innocently runs a search and clicks on one, page attempts to attack their computer through the browser. What happens after that all depends on how updated their software is and how savvy the user is.

Another way they get in is via poisoned banner ads on legitimate sites. Once again, keeping your software up to date will generally keep you safe from this crap.
 
Prior to the release of the SuperDrive, some Power Mac G4 computers shipped with a DVD-RAM drive.

Interesting. Thanks for the correction. I didn't come to Apple until the G5 days (if you don't count the SE or CX or whatever it was my kid had in the early 90s) so I never saw an Apple DVD-RAM.
 
For science, of course, I searched Taylor Swift on Bing after installing the JavaScript Blocker someone linked. It looks like nothing needed to be blocked but while reading all 5 pages of this thread, the results were different. ;)

Not saying this is all crap but I just didn't run into it. I'll still use the JavaScript Blocker extension from now on.

 
That is the very reason why I prefer a slow JavaScript engine, because it gives me enough time to close the window before the script finishes running. :cool:
 
Quick, Easy Solution

If you ever find yourself on a page that won't let you close it, simply open Safari preferences (Command + ,), click the Security tab, and uncheck "Enable JavaScript."

Once JavaScript is disabled, you'll be able to close the site. Tadaaa!
 
How about turning off JavaScript for a few seconds, then closing webpage should work easily. Then JS can be re-enabled – done. No need to reset the browser?! (Haven't had a chance to try this out, but no reason why this shouldn't work.)
 
So communication is not about communication? Interesting.

No I just think you really really want a Mac. Your interpretation of what I said is confirmation bias.

He's not an Apple user in any kind of way. He proudly mentions this in his sig. Don't waste your time with him anymore. If he continues to flame the forum please report him. Anyone who claims to be "Apple Free", is highly in defense of Windows and posts here with insults and attempting to spark a flame should be reported and not tolerated.
 
It's just a simple webpage using JavaScript to load 150 iframes that require confirmation to be dismissed

For years I've never understood why this sort of action isn't automatically blocked by the browser. There is essentially NO legitimate situation that would open up more than 3 iframes or 3 confirmation dialogues in a row. That could basically ONLY happen by a malicious site trying to hurt you. IMO, if a site tries to open 3 or more iframes or dialogue boxes in a row then the browser should prevent it and popup a warning saying:

"It appears that this website is attempting to harm your computer by opening many windows.

Do you want to let this site open up all these windows, or do you want to surf away from this webpage?"
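
The rule proposed in the post above (stop a site after three dialogs or iframes in a row and show one warning), sketched as an added example that is not part of the original thread. `PromptGuard`, its `limit` and `quietMs` parameters, and the `.example` origins are assumptions made for illustration, not a real browser API:

```javascript
// Added example: the "three in a row" rule proposed above, as a per-origin guard.
// PromptGuard, limit and quietMs are hypothetical names, not a real browser API.
class PromptGuard {
  constructor({ limit = 3, quietMs = 1000 } = {}) {
    this.limit = limit;       // intrusive actions tolerated in one burst
    this.quietMs = quietMs;   // a pause this long ends the "in a row" streak
    this.state = new Map();   // origin -> { streak, last, blocked }
  }

  // Called for each dialog or iframe a page opens; both count toward one streak.
  // Returns "allow", "warn" (show the single browser-owned prompt) or "suppress".
  check(origin, nowMs) {
    let s = this.state.get(origin);
    if (!s) {
      s = { streak: 0, last: -Infinity, blocked: false };
      this.state.set(origin, s);
    }
    if (s.blocked) return "suppress";
    if (nowMs - s.last > this.quietMs) s.streak = 0; // streak broken by a pause
    s.streak += 1;
    s.last = nowMs;
    if (s.streak >= this.limit) {
      s.blocked = true;       // stays blocked until the user decides
      return "warn";
    }
    return "allow";
  }
}

// Replay a list of { origin, kind, t } events and tally the decisions per origin.
function replay(events, guard = new PromptGuard()) {
  const tally = {};
  for (const e of events) {
    const verdict = guard.check(e.origin, e.t);
    if (!tally[e.origin]) tally[e.origin] = { allow: 0, warn: 0, suppress: 0 };
    tally[e.origin][verdict] += 1;
  }
  return tally;
}

// Constructed sample input: 150 iframe dialogs 10 ms apart from one origin,
// and four ordinary confirmations from another origin, five seconds apart.
const sampleEvents = [
  ...Array.from({ length: 150 }, (_, i) => ({ origin: "lock.example", kind: "iframe", t: i * 10 })),
  ...Array.from({ length: 4 }, (_, i) => ({ origin: "shop.example", kind: "confirm", t: i * 5000 })),
];

console.log(replay(sampleEvents));
```

The `quietMs` pause is what keeps a site that asks for confirmation occasionally from being treated like one that stacks dialogs back to back.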
 
You don't understand, Windows is itself, malware, bloatware, virus, trojan, etc, etc, etc. :D

The key, as most IT people know is, back up the data. It's easier to rebuild a pc from scratch than trying to disinfect it, if it's in the condition you're describing above. IMO.

I disagree. It might be easier sometimes, but it's definitely not faster if you know what you're doing. Especially when providing remote off-site support. Reinstalling means the PC needs to be picked up, backed up, reinstalled, running file recovery, dropping it back off and putting it back into the domain, along with reinstalling all user apps, certificates, settings.

Whereas if you tinker a bit with the various registry items/startup items you can have the system back up and running anytime between 15-60 minutes, and run a few background scans afterwards.

I guess that's the difference with paid enterprise (outsourced) support, where customer satisfaction and their convenience is valued above all, and a free/customer grade service where you get it fixed and the user can 'deal with it'.

That aside, I've seen these kinds of scams plenty on all kinds of operating systems (including mobile phones, tablets), with various degrees of cleverness. This one seems like it is just a badly done attempt made a tad worse by a not so great feature of OSX.
 