Homeland Security and FBI Ransomware (Update)

RansomMoneyPak

07/30/2013 Update: US-Cert.gov has provided more information: Recent Reports of DHS-Themed Ransomware (UPDATE)

The NU Service Desk has reported that a number of people have had their screens locked with a Homeland Security or FBI message demanding money. This new form of ransomware, which targets both Apple and Windows, is designed to trick users into paying scammers money to regain access to their computer. The ransomware tries to scare the user into thinking that their computer has been blocked due to a legal violation, i.e. child pornography, copyright infringement, or unlicensed software.

If the user pays the ransom, the scammers have the money and the computer is still infected with the ransomware. In addition to the ransomware, Trojan viruses and malware are often installed on the system to steal the user's banking credentials.

Ransomware often gets installed through a vulnerability in the web browser or operating system when a user visits an infected website or clicks on a link to an infected website in a phishing email.

To Avoid Ransomware:

  • Maintain up-to-date antivirus, browser, and operating system software
  • Do not click on links in phishing emails
  • Do not open attachments from unsolicited emails
  • Avoid common Social Engineering and Phishing Attacks
  • Read these tips to avoid malware on the Internet

If You are Infected

  • Stay calm, everything will be all right
  • Do not pay the ransom
  • Contact the Service Desk (617-373-4357) if you need assistance
  • Once the ransomware and malware have been removed, change all your banking and other online account passwords

If you intend to remove the ransomware yourself, remember that there are multiple parts to this malware. The first part is the ransomware locking the computer. The second is any Trojan viruses or malware that have been installed in the background. Both parts need to be cleaned before you can resume regular computing activities.

Here are some articles on different types of ransomware / malware:

SecureNU – Citadel Reveton Ransomware

Malware don't need Coffee – Ransomware – Kovter: looking at your browsing history for more credibility

ThreatPost – Faux FBI Ransomware Targeting OS X Users

KrebsonSecurity – Posts Tagged: ransomware

NakedSecurity – The four seasons of Glazunov: digging further into Sibhost and Flimkit

Krebsonsecurity.com – Cashout Service for Ransomware Scammers

Image Credit: Botnets.fr
