FBI Ransomware Could Be Generating Big Income

By | July 22, 2013

Posted in: Network Security Trends

A new type of ransomware that tries to trick Mac and Windows users into paying "fines" of $300 could be making its authors hundreds of thousands of dollars a day, according to a senior security researcher at Malwarebytes.

Jerome Segura wrote in a blog post that the scam displays a message purportedly from the FBI telling the user that his or her browser has been locked for reasons including “violation of copyright and related rights law” or “viewing or distributing prohibited pornographic content”.

The user is instructed to pay a “release fee” of $300 via MoneyPak to have the browser unlocked.

“You can bet many people are going to fall for this scam and pay the ransom money, filling the bad guys’ pockets,” Segura said. “Based on traffic rankings gathered by Alexa’s ranking system, we can get an idea of how many users were directed to the ransom page. One such site had 50K hits for one day. Say that 2% – or 1,000 visitors – actually end up paying the ransom, you are looking at $300K in the bad guys’ pockets in just one day.”

He said the attack did not actually use malware per se, “but rather a sneaky little piece of JavaScript (which is absolutely benign but yet annoying) and social engineering tricks. For example, I was led to this locked page by doing a search for Taylor Swift on Bing images. The victim will feel they may have actually been doing something wrong and got caught and ashamed, and will pay the ‘fine.’”

Segura said the JavaScript code used in the attack created 150 iframes, which made it appear that the browser was locked. Clicking on the warning 150 times would make it go away, but he said there were also quicker ways to get rid of it – none of which involve paying the “fine.”

He said the sites loading the ransomware had an IP address in Russia.

The ransomware would run on “pretty much all browsers, Windows or OS X,” Segura said. “However, Windows users are normally served a drive-by download and get a full (and real) computer lock. Mac users did not have to worry about that, but yet with this new technique, the bad guys are targeting both platforms by using a very basic script and leveraging what works best: social engineering.”
