The AVG Web Threats Research Group found a new ransomware page delivered by the Blackhole exploit kit this week. The malware, which claims to be a legal action by the U.S. Federal Bureau of Investigation (FBI), locks up the machine’s Windows operating system and demands payment of a “fine” to unlock it.


The graphic, which includes a fake video, demands a payment of $100 through an untraceable money transfer. Since the text cites the fine as “100$,” it’s obvious this isn’t really from the FBI.


Another giveaway that this is fake lies in the text that says the affected PC has been used to violate copyright laws, view pornographic content, or has been infected with malware and violates a fictional “Neglectful Use of Personal Computer article 210 of the Criminal Code.”




The page is delivered via SSL on port 443.


The ransomware instructs victims to pay their “fine” with a MoneyPak card, which can be purchased from any of the following well-known U.S. retail chain stores


– 7-Eleven

– CVS/Pharmacy

– Rite Aid

– Walmart

– Kmart

– Walgreens


MoneyPak is a payment system that allows users to “reload” the card by paying at an approved partner site then use it to pay other merchants.


The MoneyPak company has a page on its web site with: “6 Tips on How to Protect Yourself from Fraud”


It includes the advice:


“Don’t use the MoneyPak to pay taxes or fees to claim “winnings” on a foreign lottery or prize promotion. Unless it’s an approved MoneyPak partner, don’t use MoneyPak for any offer that requires you to pay before you get the item.” (


AVG’s LinkScanner detects the exploit kit that downloads and executes the ransomware as Exploit,2182, Blackhole Exploit Kit (type 2182):



– AVG Web Threats Research Group