New Blackhole ransomware graphic mimics the FBI
Posted 342 days ago by TomK
The AVG Web Threats Research Group found a new ransomware page delivered by the Blackhole exploit kit this week. The malware, which claims to be a legal action by the U.S. Federal Bureau of Investigation (FBI), locks up the machine’s Windows operating system and demands payment of a “fine” to unlock it.

The graphic, which includes a fake video, demands a payment of $100 through an untraceable money transfer. Since the text writes the fine as “100$”, with the dollar sign after the amount rather than before it as a U.S. agency would write it, it’s obvious this isn’t really from the FBI.

Another giveaway that this is fake is the text claiming the affected PC has been used to violate copyright laws, to view pornographic content, or has been infected with malware, in violation of a fictional “Neglectful Use of Personal Computer article 210 of the Criminal Code.”

The page is delivered via SSL on port 443, so its content is hidden from network monitoring that does not inspect encrypted traffic.

The ransomware instructs victims to pay their “fine” with a MoneyPak card, which can be purchased from any of the following well-known U.S. retail chain stores:

– 7-Eleven

– CVS/Pharmacy

– Rite Aid

– Walmart

– Kmart

– Walgreens

MoneyPak is a payment system that allows users to “reload” the card by paying at an approved partner site and then use it to pay other merchants.

The MoneyPak company has a page on its web site titled “6 Tips on How to Protect Yourself from Fraud”.

It includes the advice:

“Don’t use the MoneyPak to pay taxes or fees to claim “winnings” on a foreign lottery or prize promotion. Unless it’s an approved MoneyPak partner, don’t use MoneyPak for any offer that requires you to pay before you get the item.” (https://www.moneypak.com/ProtectYourMoney.aspx)

AVG’s LinkScanner detects the exploit kit that downloads and executes the ransomware as Exploit,2182, Blackhole Exploit Kit (type 2182).

– AVG Web Threats Research Group


  • Bernny Chaste

    What should you do if you have this virus in order to prevent identity theft?

  • Sébastien Duquette

    Describing it as “Blackhole ransomware” is a bit misleading as Blackhole can be used to distribute anything.

  • http://www.facebook.com/people/Nick-Wilson/100001505708576 Nick Wilson

    The Metropolitan Police version of this in the UK is identical except for the messages displayed. AVG (at least the free version) does not block it; I got infected yesterday although I run AVG. It’s simple enough to remove anyway by rebooting, hitting F12 before Windows loads, launching Windows in safe mode and going back to your latest restore point.

  • http://youtube.com/thisisadamb Adam B.

    Is there a removal tool for this? I’m only finding gamed search links that lead me to bogus tools that do nothing. I’m working on a friend’s W7 Dell and nothing works to remove this.

  • http://localcomputerrepairshop.com/virus-threats/fake-fbi-ransomware-analysis/ Fake FBI Ransomware analysis | Local Computer Repair

    [...] our previous blog post our AVG Web Threats Research group analyzed a Blackhole exploit kit serving the fake FBI [...]

  • http://twitter.com/nabor605 Bradley Nelson

    I’d sure like some information on removing this virus/ransomware… I’d prefer not to have to reformat/reinstall Windows :(

  • http://twitter.com/nabor605 Bradley Nelson

    I’ve found that booting into Safe Mode, and then doing a System Restore to a few weeks earlier before becoming infected seems to remove this malware. I scanned the computer afterwards a bunch too, and it seems to be clean now :)

  • Kate Styer

    What if you don’t have a recent restore point? Sadly not my computer… other thoughts to remove?

  • http://www.facebook.com/profile.php?id=100000171012386 Mark Wallace

    I have heard that system restore does not fully remove the malware. You need to start your computer in safe mode with networking, then open the command prompt (RUN), then /msconfig. Disable the program from startup. Then your virus scan will find the three trojans associated with the malware.
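The removal steps the commenters describe (boot into Safe Mode, open msconfig, disable the locker’s startup entry, then scan) can be done more transparently from PowerShell. The script below is an added example, not code from the AVG post or from any commenter: it lists the usual Windows autostart locations and flags entries that run from user-writable directories, that replace the Winlogon shell, or that sit in a Startup folder as something other than a shortcut. Those heuristics are assumptions about where a screen locker typically persists, not facts stated on the page. It only reports; it deletes nothing.

```powershell
# Added example (not from the AVG post): enumerate common Windows autostart
# locations so a screen locker's startup entry can be found and reviewed.
# Run from an elevated PowerShell prompt, ideally in Safe Mode.
# The key list and the "suspicious directory" heuristic are assumptions about
# typical persistence, not claims made on the page.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Directories a dropper can write to without admin rights. Legitimate updaters
# also live in LOCALAPPDATA, so this is a review list, not a verdict.
$suspiciousDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) |
    Where-Object { $_ }

function Test-SuspiciousPath {
    param([string]$Command)
    foreach ($dir in $suspiciousDirs) {
        if ($Command -like "*$dir*") { return $true }
    }
    return $false
}

$findings = @()

# 1. Run / RunOnce registry values.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSProvider metadata PowerShell attaches to the object.
        if ($p.Name -like 'PS*') { continue }
        $cmd = [string]$p.Value
        $findings += [pscustomobject]@{
            Location   = $key
            Name       = $p.Name
            Command    = $cmd
            Suspicious = Test-SuspiciousPath $cmd
        }
    }
}

# 2. Winlogon Shell. The default is "explorer.exe"; a locker that replaces it
#    makes its own window the only thing that starts at logon (assumption).
$winlogon = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' `
    -ErrorAction SilentlyContinue
if ($winlogon -and $winlogon.Shell -and $winlogon.Shell -ne 'explorer.exe') {
    $findings += [pscustomobject]@{
        Location   = 'HKLM Winlogon'
        Name       = 'Shell'
        Command    = [string]$winlogon.Shell
        Suspicious = $true
    }
}

# 3. Per-user and all-users Startup folders. Shortcuts (.lnk) are normal;
#    an executable dropped directly into the folder is worth a look.
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
foreach ($folder in $startupFolders) {
    if (-not (Test-Path $folder)) { continue }
    Get-ChildItem -Path $folder -File | ForEach-Object {
        $findings += [pscustomobject]@{
            Location   = $folder
            Name       = $_.Name
            Command    = $_.FullName
            Suspicious = ($_.Extension -ne '.lnk')
        }
    }
}

# Suspicious entries first, so the likely locker is at the top of the list.
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Review the rows marked `Suspicious` before acting on them: a registry value is removed with `Remove-ItemProperty -Path <key> -Name <name>`, and a Startup-folder file by deleting the file. Note the command path itself, since the dropped executable usually needs to be deleted too, and finish with a full scan as the commenters suggest.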