FBI Ransomware Variant Spreads To Mac OS X

FBI Ransomware

We first saw this on /r/techsupportgore the other day. Now Malwarebytes is reporting a new FBI Ransomware variant targeting Mac OS X users. This is a great time to remind everyone that ‘web-based attacks’ like this can affect users of all platforms. Since much of what we do today is on the web, it makes no difference which platform you’re on when you click a phishing link or when malicious JavaScript is allowed to run.

We highly recommend Firefox with NoScript and AdBlock to help prevent this sort of attack. Add Public Fox to that list too. The biggest mistake often made is thinking there is a single solution that can keep you secure.

If you’ve been hit with this attack, it looks like a simple browser reset via Reset Safari will remove this hijack:

Safari Reset
Image Credit: Malwarebytes

Select all items in the list and choose Reset:

Reset Safari Selected Items
Image Credit: Malwarebytes

So this variant is relatively mild, as it only affects the web browser. That being said, the ransomware’s goal is to deceive users into handing over their credit card information. If someone falls for the scam, it could end up being a costly mistake.

Just be sure to take precautions when browsing the web and know that simply using a Mac will not protect you.  Those days are long over and users of all platforms can benefit from a few basic security measures:


  • Utilize Firefox with NoScript and AdBlock.
  • Do not browse the web while logged in to an ‘administrator’ account.
  • Utilize an antivirus program, whether you’re on Windows or Mac OS X.  We recommend ESET’s products.
  • Do not use the same email/password combination across multiple websites.
  • Know that the “bad guys” are always trying to deceive you and regardless of platform, they are always finding new ways to do so.
  • Keep your wits about you while browsing the web and watch what you click!
  • Utilize DNS servers other than your ISP’s – e.g. Comodo, OpenDNS, or Google Public DNS.


I am a Software Developer, System Administrator, and consignment software specialist. I currently manage hundreds of consignment workstations, point of sale systems, and database servers all across North America and I am the developer of Peeps' Software, Peeps2Go, and Peeps' Consignor Login for iOS and Android. I've been helping consignment & resale store-owners since 2003. I started The Computer Peeps in February of 2010. Peeps' Software launched in 2016 and is now on hundreds of systems all across North America. I have successfully converted dozens of stores from all of the major consignment software systems. After 20 years of working with consignment stores, I understand the unique challenges consignment & resale store-owners face. From electrical issues in old buildings or strip malls, to advocating for them when their old consignment software keeps crashing.
