FBI MoneyPak Ransomware: Difference between revisions
→Reaction: basics |
→Operation: dash |
||
Line 22: | Line 22: | ||
== Operation == |
== Operation == |
||
The FBI ransomware starts often by being downloaded accidentally or going onto a corrupt website and trying to run an application with a modified [[JavaScript]] code.<ref name=nj /> The virus starts with a [[splash screen]] that contains the FBI's official logo with a big warning that the computer has been locked. Depending on the version, the reason given is either because of alleged copyright violations or because of purported child pornography offences.<ref>{{cite web|url=https://www.fbi.gov/news/stories/new-internet-scam |title=New Internet Scam |publisher=FBI |date=2012-08-09 |accessdate=2019-01-04}}</ref> It will also show the supposed [[IP address]] and sometimes a still from the user's webcam. The virus then demands between $ |
The FBI ransomware starts often by being downloaded accidentally or going onto a corrupt website and trying to run an application with a modified [[JavaScript]] code.<ref name=nj /> The virus starts with a [[splash screen]] that contains the FBI's official logo with a big warning that the computer has been locked. Depending on the version, the reason given is either because of alleged copyright violations or because of purported child pornography offences.<ref>{{cite web|url=https://www.fbi.gov/news/stories/new-internet-scam |title=New Internet Scam |publisher=FBI |date=2012-08-09 |accessdate=2019-01-04}}</ref> It will also show the supposed [[IP address]] and sometimes a still from the user's webcam. The virus then demands between $100–$400 paid via pre-paid MoneyPak cards in order to release the computer.<ref name=f /> If the payment is not made, then it alleges it will open a criminal investigation into the owner.<ref name=f /> Contrary to what it claims, the virus does not actually lock the computer or encrypt any files but it does create an [[iframe]] loop which prevents the user exiting the browser or website.<ref name=nj>{{cite web|url=https://www.cyber.nj.gov/threat-profiles/ransomware-variants/fbi-moneypak-ransomware |title=FBI MoneyPak Ransomware |publisher=Government of New Jersey |date=2016-07-05 |accessdate=2019-01-04}}</ref> The virus will be installed on the infected device so it still requires removal.<ref>{{cite web|url=https://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware |title=Remove the FBI MoneyPak Ransomware or the Reveton Trojan |publisher=Bleepingcomputer.com |date=2012-07-05 |accessdate=2019-01-04}}</ref> |
||
== Reaction == |
== Reaction == |
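Review bot: In the revised Operation paragraph, the phrase "demands between $100–$400" pairs "between" with an en-dash range. Write "between $100 and $400", or drop "between" and keep "$100–$400". The same line opens with "starts often by being downloaded accidentally or going onto a corrupt website", which has no clear subject for "going"; naming the user there would make the infection path readable.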
Revision as of 06:40, 1 April 2019
FBI Ransomware | |
---|---|
Technical name | Reveton Ransomware |
FBI logo used in the ransomware | |
Classification | Ransomware |
Origin | United Kingdom |
Technical details | |
Written in | English |
The FBI MoneyPak Ransomware, also known as Reveton Ransomware, is a type of ransomware. It purports to come from the American Federal Bureau of Investigation (FBI), claims that the computer or smartphone has been locked due to "illegal activities", and demands a ransom payment via GreenDot MoneyPak cards in order to release the device.[1]
Operation
The FBI ransomware is often downloaded accidentally, or arrives when the user goes onto a corrupt website and tries to run an application with modified JavaScript code.[2] The virus starts with a splash screen that contains the FBI's official logo and a big warning that the computer has been locked. Depending on the version, the reason given is either alleged copyright violations or purported child pornography offences.[3] It will also show the supposed IP address and sometimes a still from the user's webcam. The virus then demands between $100 and $400, paid via pre-paid MoneyPak cards, in order to release the computer.[1] If the payment is not made, it alleges that it will open a criminal investigation into the owner.[1] Contrary to what it claims, the virus does not actually lock the computer or encrypt any files, but it does create an iframe loop which prevents the user from exiting the browser or website.[2] The virus is nonetheless installed on the infected device, so it still requires removal.[4]
Reaction
In 2012, the FBI published advice relating to the FBI MoneyPak virus, telling people not to pay the ransom as it was not from the official FBI.[5] They also stated that users should go through authorized PC security firms to remove the ransomware or inform the Internet Crime Complaint Center (IC3). In 2018, the FBI announced that, working with the United Kingdom's National Crime Agency (NCA), they had arrested a number of people distributing the malware in the United States and that the NCA had arrested the creator of the virus in the United Kingdom.[5]
Some people had been fooled into thinking that the virus was a legitimate warning from the FBI. One man complained about the FBI blocking his phone for child pornography; the block was attributed to the virus, but he admitted that he did have child pornography and was arrested by the police.[6][unreliable source?]
References
1. "Hand-To-Hand Combat With The Insidious 'FBI MoneyPak Ransomware Virus'". Forbes. Retrieved 2019-01-04.
2. "FBI MoneyPak Ransomware". Government of New Jersey. 2016-07-05. Retrieved 2019-01-04.
3. "New Internet Scam". FBI. 2012-08-09. Retrieved 2019-01-04.
4. "Remove the FBI MoneyPak Ransomware or the Reveton Trojan". Bleepingcomputer.com. 2012-07-05. Retrieved 2019-01-04.
5. "Ransomware Abettor Sentenced". FBI. 2018-12-06. Retrieved 2019-01-04.
6. "Jay Matthew Riley turns himself in for child porn after 'FBI warning message' that turned out to be a computer virus tells him to". Daily Mail. 2013-07-26. Retrieved 2019-01-04.