18 July 2013

OS X users targeted by FBI ransomware scam

Mac users are advised that ransomware campaigns have been identified targeting the OS X operating system.

For the past year, ransomware has been a significant threat to Australian businesses, with many organisations falling victim to the malware.

Ransomware is a type of malware (malicious software) that typically locks a victim's computer, or appears to lock the computer. A display screen usually follows, demanding payment to unlock or decrypt the data.

Examples usually include a fake warning stating that your computer has been associated with criminal activity. Current versions claim to be from the FBI, but other official sounding agencies, such as the AFP, have also been used.

The current FBI ransomware displays a pop up window that claims your "browser has been blocked" because your computer was used to “violate copyright laws”, “view pornography” or a similar accusation.

It may also claim your computer is infected by malware, and that a $300 fee must be paid to remove it.

Sample pop up window showing hoax malware notice

Image credit: Malwarebytes

The malware is spread by visiting infected websites. Scammers have targeted popular search terms to lure victims.

What to do?

If you believe you have been targeted by this malware do not pay the ransom.

If using Safari:

Closing, choosing Leave Page or Force Quit will not prevent the malware from working.

Select the Safari tab on your navigation bar, then Reset Safari. Check all selection boxes; then click Reset.

Security vendor Malwarebytes has created this video explaining how to bypass this malware for OS X computers.

More information

Stay Smart Online has previously provided advice on Ransomware attacks.

Malwarebytes’ blog post about Ransomware targeting OS X.

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.


Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.


This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.


Facebook: www.facebook.com/staysmartonline
Email: staysmartonline [at] communications.gov.au
Web: www.staysmartonline.gov.au
You are receiving this message at the address [Email].
Update your profile preferences
If you no longer wish to receive this information, you can unsubscribe.

© 2013 Australian Government. All rights reserved

Connect with Stay Smart Online