FBI MoneyPak Ransomware explained

Fullname:FBI MoneyPak Ransomware
Common Name:FBI Ransomware
Technical Name:Reveton Ransomware
Origin:United Kingdom
Language:English

The FBI MoneyPak Ransomware, also known as Reveton Ransomware, is a ransomware that starts by purporting to be from a national police agency (like the American Federal Bureau of Investigation) and that they have locked the computer or smartphone due to "illegal activities" and demands a ransom payment via GreenDot MoneyPak cards in order to release the device.[1] [2]

Operation

The FBI ransomware starts often by being downloaded accidentally or visiting a corrupt website and running an application with a modified JavaScript code. The virus starts with a splash screen that contains the FBI's official logo with a warning that the computer has been locked.[1] Depending on the version, the reason given is mainly either because of alleged copyright violations and/or because of purported child pornography offences.[3] Sometimes other crimes, such as terrorism and gambling are included.[4] It will also show the supposed IP address and sometimes a still from the user's webcam. The virus then demands between $100 and $400 paid via pre-paid MoneyPak cards in order to release the computer.[1] If the payment is not made, then it alleges it will open a criminal investigation into the owner.[1] The virus creates an iframe loop which prevents the user exiting the browser or website.[5] The virus will be installed on the infected device so it still requires removal from the device.[6]

Reaction

In 2012, the FBI published advice relating to the FBI MoneyPak virus, telling people not to pay the ransom as it was not from the official FBI and confirmed it was not the real FBI who had locked the computers.[7] They also stated that users should go through authorized PC security firms to remove the ransomware or inform the IC3 – Internet Crime Complaint Center. In 2018, the FBI announced that working with the United Kingdom's National Crime Agency (NCA), they had arrested a number of people distributing the malware in the United States and that the NCA had arrested the creator of the virus in the United Kingdom.[7]

Some people had been fooled into thinking that the virus was a legitimate warning from the FBI. One man complained about the FBI blocking his phone for child pornography which was attributed to the virus; however, he had admitted that he did have child pornography and was arrested by the police.[8]

Notes and References

  1. Web site: Hand-to-hand combat with the insidious 'FBI MoneyPak ransomware virus'. Forbes. 4 January 2019.
  2. Web site: Reveton ransomware. FBI. 10 August 2012. 1 April 2019.
  3. Web site: New Internet scam. FBI. 9 August 2012. 4 January 2019.
  4. Web site: Ransomware Abettor Sentenced — FBI.
  5. Web site: FBI MoneyPak ransomware. Government of New Jersey. 5 July 2016. 4 January 2019.
  6. Web site: Remove the FBI MoneyPak ransomware or the Reveton trojan. bleepingcomputer.com. 5 July 2012. 4 January 2019.
  7. Web site: Ransomware abettor sentenced. FBI. 6 December 2018. 4 January 2019.
  8. Web site: Man gets fake FBI child porn alert, arrested for child porn . CNET . 26 July 2013. 4 January 2019.