MoneyPak FBI Ransomware

Malware that disables PCs and demands hefty cash payments.

FBI Ransomware - Your Computer Has Been Locked

What is the FBI Virus?

FBI malware locks your computer, demands ransom to unlock it.


Actual FBI Ransomware Infection on a Wildcat! Customer's PC.

The MoneyPak FBI Ransomware Virus, also called the Reveton Ransomware or, as it is more widely known, the FBI Virus, locks your computer and displays a message claiming that the FBI is aware your computer has been used for "illegal activities." The message then demands that you pay an outrageous fine or face further prosecution. In truth, the message is not from the FBI; it is a scam by computer criminals looking to extort money from any user who falls for the scheme and pays up to have their computer restored.

The FBI Virus has been spreading for quite a while, popping up on various tech news sites and security blogs. When customers call us or bring in their computers, we have been warning victims NOT to pay the fine and, instead, to bring the computer in to be professionally cleaned. If you have been infected, we still stand by that recommendation. If you have not yet been infected, we now also suggest that you disable Java in your web browser to keep the virus from getting on your computer in the first place. [Instructions at bottom of story]

Pay the bad guys, or pay us to clean your computer?

Choosing to simply pay the ransom to unlock your computer might seem like a cheaper, more convenient way to get rid of the problem. However, you have no guarantee that the computer will be unlocked, and even if it is, your computer will still be infected. That is why we suggest you bring it in to us at Wildcat! Technology. We will make sure the virus is gone and that your data is intact. We charge much less than the amount being demanded, you get your computer restored to fully functioning condition, AND the bad guys do not get any of your hard-earned money.

Remember: if you have been infected, DO NOT pay the fine being demanded by the virus. It is definitely NOT from the FBI. If you have not been infected, we suggest that you disable Java using one of the techniques listed below.

Malware that disables computers and demands hefty cash payments to purported law-enforcement agencies before the machines are restored is extorting as much as $5 million from end-user victims, researchers said.

The estimate, contained in a report published by researchers from antivirus provider Symantec, is being fueled by the mushrooming growth of so-called ransomware. Once infected, computers become unusable and often display logos of local law-enforcement agencies, along with warnings that the user has violated statutes involving child pornography or other serious offenses. The warnings then offer to unlock the computers if users pay a fine as high as $200 within 72 hours.

“A lot of individuals do pay up, either because they believe the messages or because they realize it is a scam but still want to restore access to their computer,” Symantec’s 16-page report explained. “Unfortunately, even if a person does pay up, the fraudsters often do not restore functionality. The only reliable way to restore functionality is to remove the malware.”

The report identified at least 16 different ransomware versions spawned by competing malware gangs. Many are completely different families of malware, rather than multiple variants of the same family, and most have their own unique behavior. Many use freely available geographic location services to determine where each infected computer is and based on that information display law-enforcement logos and ransom demands that are local to that user. Demands frequently carry threats of arrest if victims don’t pay promptly, usually by using electronic payment systems to purchase an unlock code.

The Symantec researchers penetrated the command-and-control server of one ransomware scam. Over a period of about a month, between September and October, 68,000 unique IP addresses connected. On a single day during that time there were 5,700 connections, and of those 168 entered what appeared to be valid unlock codes, a payment rate of roughly 2.9 percent. Assuming that same 2.9 percent of the overall 68,000 infections paid the $200 fee, the scam would have netted more than $394,000, although the scammers would have lost a percentage of that as they attempted to launder the money. The Symantec report does not explain precisely how the overall $5 million estimate was reached. Presumably, it is the result of factoring in the remaining ransomware operations.

The organization and proliferation of the scam have come a long way since the early days of ransomware several years ago. Back then, similar malware scams were limited mostly to Russia and Eastern Europe and often contained warnings in Russian that purported to be activation screens from Microsoft. Over time, the warnings began to claim that users were in violation of local pornography laws, and the scams migrated west, to Germany, the UK, and Austria. More recently, the US and Canada have also been increasingly hit by the campaigns.

In some cases, the gangs operating the scams are also responsible for highly profitable operations that use malware to carry out bank fraud, indicating just how far ransomware has come.

“The individuals responsible for it are clearly professional criminals, and for them to have expanded into the distribution of ransomware is a sign of the profitability behind the scam,” the researchers wrote.

According to a blog post on the Malwarebytes website, a new Java exploit is being used to infect computers with the infamous FBI virus. The suggested defense is to disable Java in the browser. We have links to instructions on how to disable Java listed below.

How to disable Java

Java is a programming language, and web pages can embed small Java programs (applets) that run inside your web browser. Running them requires the Java plug-in to be installed and enabled in your browser, and that plug-in is what the exploit targets; disabling the plug-in does not remove Java from your computer, it only stops web pages from running Java code. Naked Security, a computer security blog maintained by Sophos, lists several ways to disable the Java plug-in, depending on your preferred web browser.

Listed below are direct links to the instructions for each browser:

[UPDATE – 5/13/2013 – The latest version of Java closes the hole being used to infect computers. We still recommend disabling the Java plug-in in your browser; however, be sure to also install the latest version of Java (Version 7, Update 21) in case you absolutely need Java on your computer.]
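The browser-specific links referred to above are not reproduced here, but the setting behind the Java Control Panel's "Enable Java content in the browser" checkbox (Java 7 Update 10 and later) is just a line in Java's deployment.properties file, so a technician can check or enforce it without clicking through each browser. The script below is an added example that is not part of the original post and not Oracle's tooling; it parses a constructed sample of that file, reports whether browser Java is on, and writes out a hardened copy. The Windows file path in the comments and the sample contents are assumptions made for the example.

```python
import re

# Keys documented for Java 7 Update 10 and later in Oracle's deployment
# configuration reference.  deployment.webjava.enabled is what the Java Control
# Panel's "Enable Java content in the browser" checkbox writes.
WEBJAVA_KEY = "deployment.webjava.enabled"
SECURITY_KEY = "deployment.security.level"

# Constructed sample of a user-level deployment.properties (on Windows usually
# %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties; the
# path and contents are assumptions for this example).  Browser Java is still on,
# which is the state the post warns about.
SAMPLE_PROPERTIES = r"""
#deployment.properties
#Mon May 13 09:12:41 CDT 2013
deployment.version=7.21
deployment.webjava.enabled=true
deployment.security.level=MEDIUM
deployment.browser.path=C\:\\Program Files\\Internet Explorer\\iexplore.exe
"""

_KEY_RE = re.compile(r"^([^=:\s]+)\s*[=:]?\s*(.*)$")


def parse_properties(text):
    """Minimal java.util.Properties reader: blank lines and '#'/'!' comments are
    skipped, 'key=value', 'key:value' and bare 'key' lines are accepted, and the
    value is returned verbatim (backslash escapes are left untouched)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = _KEY_RE.match(line)
        if match:
            props[match.group(1)] = match.group(2)
    return props


def webjava_enabled(props):
    """The plug-in treats a missing key as enabled; only an explicit 'false'
    turns Java content in the browser off."""
    return props.get(WEBJAVA_KEY, "true").strip().lower() != "false"


def harden(text, lock=False):
    """Return a copy of the file with browser Java disabled and the security
    slider at VERY_HIGH, leaving unrelated lines alone.  With lock=True, also
    add the '<key>.locked' marker lines that a system-level deployment.properties
    uses so users cannot flip the setting back in the Java Control Panel."""
    wanted = {WEBJAVA_KEY: "false", SECURITY_KEY: "VERY_HIGH"}
    out, seen = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        key = None
        if line and line[0] not in "#!":
            match = _KEY_RE.match(line)
            key = match.group(1) if match else None
        if key in wanted:
            out.append(f"{key}={wanted[key]}")
            seen.add(key)
        else:
            out.append(raw)
    for key, value in wanted.items():
        if key not in seen:
            out.append(f"{key}={value}")
        if lock:
            out.append(f"{key}.locked")
    return "\n".join(out) + "\n"


def audit(text):
    """Summarise the settings a technician would check before and after cleaning."""
    props = parse_properties(text)
    return {
        "version": props.get("deployment.version", "(unknown)"),
        "webjava_enabled": webjava_enabled(props),
        "security_level": props.get(SECURITY_KEY, "(default)"),
    }


if __name__ == "__main__":
    print("before:", audit(SAMPLE_PROPERTIES))
    hardened = harden(SAMPLE_PROPERTIES, lock=True)
    print("after: ", audit(hardened))
    print(hardened)
```

Two caveats for anyone using this on a real machine: the deployment.webjava.enabled key only exists from Java 7 Update 10 onward, so on an older Java the only fix is to update (or uninstall) and then disable the plug-in in each browser; and the .locked markers only have effect in the system-level deployment.properties that the machine's deployment.config points to, not in a user's own copy.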