FBI responds to new virus scam


Greetings to all my fellow techies. I don’t know if you’ve poked your heads into the Internet lately, but it’s getting pretty nasty out there. Last year the big trend in computer viruses was fake virus alerts. Today it’s straight up extortion.

A few months ago I wrote about the need for the United States to create a new federal agency to protect people from cybercrime. My logic is that while the government protects its own networks and will surely be investigating crimes like the recently reported attack on the Office of Personnel Management, for the most part, individual citizens are on their own. And to be fair, the FBI does investigate massive hacking cases, like the one that recently hit Target customers. But the normal day-to-day type of attack that hits a few people at a time is largely unchallenged and un-investigated. With reports showing half of all Americans have been hacked so far this year, and the attacks are getting more malicious — we’re more than ready for some type of national defense.

The biggest trend a few years ago was to infect unsuspecting websites with a virus that caused a pop-up to appear on-screen warning users they had malware on their computers. This prompted people to get a free scan, which of course came back positive for malware because it was part of the scam. The goal was ultimately to get users to pay $129 for removal tools, which actually did nothing at all, because nothing was in fact really wrong. It was a nasty hoax but really just a parlor trick. Victims spent their money on junk, but no files or data were ever really in danger. The FBI eventually stopped that ring of bad guys with several high-profile arrests.

That was almost quaint compared to the newest type of malware, which actually began to make the rounds soon after the fake virus scam was put on ice. Originally started in 2012, but recently updated with a more dangerous package, the Cryptolocker — also called the FBI Virus or the FBI Moneypak Ransom Virus — locks down a user’s computer in the name of the FBI. It’s normally delivered via an e-mail attachment and uses social engineering techniques not only to get users to install it, but also to trick them out of their cash. The FBI issued a warning about it last year.

[Image] This is one variation of the screen users infected with the latest FBI extortion type virus see when they boot up.

Users who accidentally install the virus get their computers locked down with a scary pop-up saying the FBI is behind the lock because they downloaded copyrighted information or illegal pornography. It further scans the browser for recent activity and uses that data to craft a believable threat message. Users who have visited pornographic sites will see that as part of the message, lending further credence to the threat. In addition — and here is where the gloves really come off — files and folders on a user’s computer are sometimes (depending on what version of the virus is active) encrypted so that even if the threat is removed, those files are essentially lost.

The virus message claims to impose a fine of between $100 and $300 and helpfully provides links to the Moneypak site, explaining how to send money electronically. It also warns that if the fine is not paid in 72 hours, the user will be arrested on child pornography or other serious charges.

That’s pretty hardcore. And the latest scam was apparently wildly successful, prompting more than 400,000 people to send in the cash, netting the hackers almost $4 million. There are reports that people who did send in the money were given a code to unlock their computers, so at least the hackers were true to their word in that sense. I suppose if you want to go all Dante’s Inferno on them, that warrants a slightly lesser ring of Hell as a reward.

In any case, the FBI apparently doesn’t like people using its name like that, so it launched a large operation to remove the Cryptolocker servers and replace them with its own. CNN reported this week that the operation was successful and the thieves can no longer collect money from their victims. However, this also means the victims can no longer purchase the code to get their encrypted files back.

There may not be any arrests in this case. It appears the hackers are now traveling to countries where local law enforcement agencies are crippled or busy with other concerns at the moment, namely Thailand and Ukraine, and setting up shop there. It’s amazing to think about international criminals flying into places where political coups are taking place to cover their activities, but that’s apparently what is happening and possible these days because the Internet is so widespread.

Of course, keeping your anti-virus up to date and simply not opening suspicious attachments are good defenses. But if you end up infected with a vicious virus like this one, I would highly recommend the Malwarebytes program to find and get rid of it. I’ve used the tool many times to fix friends’ infected computers. There is a free version that can react to almost any threat using active scanning, and a paid version that can be deployed to provide continuous monitoring, much like anti-virus. In fact, it might be a good idea to run both an anti-malware and an anti-virus program at the same time, as they shouldn’t interfere with one another. It’s a dangerous world out there in cyberspace, and it’s getting worse. Really, you almost can’t be too careful these days.