Mac Ransomware Now Demands Additional Payment

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Malwarebytes researchers recently found that a relatively new form of ransomware targeting Mac OS X users, first uncovered in July 2013, has added a new twist.

The ransomware uses JavaScript code and iframes to trick victims into thinking that their browsers have been blocked, with a message purporting to come from the FBI that states in part, "You have been viewing or distributing prohibited Pornographic content (Child Porno photos and etc were found on your computer. ... To unlock your computer and avoid other legal consequences, you are obligated to pay a release fee of $300."

But now, if the victim pays the $300 fee, a second screen appears, demanding an additional fee of $450. "To delete this case from all criminal records and avoid any problems at work and other places where criminal records can be checked, you are obligated to pay a release fee of $450," the screen states.

"This new trend shows that Ransomware is an effective business model for cyber-criminals who are not afraid about demanding more and more from their victims," writes Malwarebytes senior security researcher Jerome Segura.

In his initial post describing the malware, Segura noted that it's actually relatively easy to get rid of it without paying a ransom -- just click on the Safari pull-down menu, choose "Reset Safari," make sure all items are checked, and click the Reset button.