Fake FBI ransomware demands money to unlock machines

A new variant of ransomware has been spotted in the United States. We would like to bring this to the notice of our US based customers and also inform users from other geographical locations.

What is ransomware?
Ransomware is a potent form of malware that locks down an infected machine and disallows its user from carrying out further activities. The malware demands a payment in order to unlock the machine and grant the user access. Thus it is said that a ransomware holds a machine hostage and releases it after the payment of a ‘ransom’. Some ransomwares also threaten legal action against the victim to scare them into complying with the payment.

The fake FBI (or the Moneypak) ransomware
This virus enters a machine when a user visits a malicious drive-by download page. Once the virus enters the system, a page is displayed which menacingly states that the machine is totally locked down by the FBI. Several reasons like copyright infringement, illegal distribution of content, viewing of pornographic content and more are stated to be responsible for this. The message further states that these activities have led to the presence of a malware on the machine.

Then a payment of $100 – $200 is demanded within 72 hours to unlock the system and freeing it from the clutches of the malware. It is also stated that this payment can only be accepted through Moneypak prepaid credit cards. These cards are easily available in Walmart and other stores. The end of the page claims that if a payment is not made in the stipulated time period, a criminal case will be initiated.

If you come across this message, do not panic. Further updates will be added to our blog after in-depth analysis of the malware.

UPDATE: Quick Heal detects this malware as TrojanDropper.Injector.

Rahul Thadani