# Ransomware Alert



## Cheryl (Jul 23, 2013)

This is an alert from the FBI. I want everyone to be aware of this and to be very cautious. 

You can get more information from The FBI's e-Scam alerts


Ransomware Purporting to be from the FBI is Targeting OS X Mac Users
07/18/13
In May 2012, the Internet Crime Complaint Center posted an alert about the Citadel malware platform used to deliver ransomware known as Reveton. The ransomware directs victims to a drive-by download website, at which time it is installed on their computers. Ransomware is used to intimidate victims into paying a fine to unlock their computers. Paying the fine does nothing to solve the problem with the computer; do not follow the ransomware instructions. The ransomware has been called FBI Ransomware because it uses the FBI's name.
The newest version of ransomware targets OS X Mac users. This new version is not malware; it appears as a webpage that uses JavaScript to load numerous iframes (browser windows) and requires victims to close each iframe. The cyber criminals anticipate victims will pay the requested ransom before realizing all iframes need to be closed.
The ransomware is pushed to victims' computers when they browse common websites, specifically when they query popular search terms. Once the web browser is exploited, the victim's computer displays a pop-up warning that appears to be from the FBI. Cyber criminals use FBI.gov within the URL to make the warning appear more legitimate.
As the FBI saw in 2012, the warning accuses victims of violating various U.S. laws, then locks the user's computer. To unlock the computer and avoid legal issues, victims are told they must pay a $300 fine via a prepaid money card. Attempts to close the warning page result in additional messages that reappear each time victims try to close their web browser.
The simplest way to remove the ransomware's iframes is by clicking on the Safari menu and choosing the Reset Safari option, making sure all check boxes are selected. You may also hold down the Shift key while relaunching Safari, which will prevent Safari from reopening windows and tabs from the previous session. Victims can also disable the reopening feature across OS X from the General pane of System Preferences.
Ransomware messages are an attempt to extort money. If you have received a ransomware message, do not follow payment instructions. Be sure to file a complaint at www.IC3.gov.


----------



## Doctor X (Mar 7, 2016)

A very recent example:

http://researchcenter.paloaltonetwo...ted-transmission-bittorrent-client-installer/

--J.D.


----------



## Cheryl (Mar 7, 2016)

So they are still at it. This is just as bad as a caller telling you that your computer is sick and he will help you fix it.


----------



## Doctor X (Mar 7, 2016)

Apparently yes.

--J.D.


----------



## Satcomer (Jul 10, 2020)

Holy Thread resurrection Batman!


----------



## Cheryl (Jul 10, 2020)

The common factor: 'The infection happens commonly – via phishing emails with malicious attachments and links to fake sites where users can download the malware.'

As for the article - all the fixes to rid yourself of these ransomware files are for Windows machines. The article is really an ad for a free trial of a ransomware protection suite and protected backup suite.

Reader beware


----------

