Do You Need To Worry About the FBI Ransomware / FBI MoneyPak Virus On Your Mobile Thingies?

I recently got a question about The FBI Ransomware Trojan, which is also known as the FBI MoneyPak virus. A commenter raised the question in the comments section of my earlier post, Does Your Kindle Fire Need Virus Protection?


What’s “FBI Ransomware”?

This specific Trojan / virus is an especially nasty one, as it essentially locks you out of your computer or mobile device until you pay whatever fee it’s asking in order to release the lock. It’s got “FBI” in the name because the extortion pop-up says the FBI has identified some kind of threat on your machine and will remove it in exchange for a fee, usually $100, to be paid by credit card. So these hackers get $100 immediately, plus the duped consumer’s credit card number.

Making matters worse, making that payment won’t necessarily unlock your computer or device. Even if it does work, it’s only a matter of time before the hackers lock you out again and demand more money.

**UDPATED 8/30/14**

FBI Ransomware Only Works On PCs and Macs, NOT Mobile Devices

FBI Ransomware malware has yet to crop up on any tablet or smartphone. This Trojan is apparently only designed to work on PCs and (more recently) the Mac OS X operating system.

FBI Ransomware Has Begun Invading Mobile Devices, But…

Getting rid of it on a mobile device may be as simple as resetting the device to factory defaults provided the user hasn’t rooted or hacked ther device, which can disable the “reset to factory defaults” option on some devices. One reader reports that on a Kindle Fire, doing a hard reset (e.g., holding down the power button long enough to completely power the device down, then turning it back on) was enough to get rid of the Moneypak message he was seeing when ‘waking’ his Fire, he didn’t have to do the full factory reset. However, if that fails then a factory reset will be necessary.

**12/31/14 UPDATE** If you’ve got this virus, or any malware that locks you out of your Fire’s home screen, see my 12/31/14 post: Infected Fire Tablet? Here’s A Possible Solution.

Yes, doing this means you may lose some of your personal settings and files, but anything that’s stored in a Cloud (e.g., Amazon’s Cloud, Google Play’s Cloud, iCloud, etc.) can simply be re-downloaded. Even so, it’s not such a serious issue for mobile devices like tablets and smartphones because the users of those devices can easily make the problem go away—again, assuming they haven’t rooted or hacked their device—, with minimal negative impact. Some hassle, sure. But not any lasting damage.

It’s a VERY different story on a PC or Mac. On a computer, the equivalent of doing a ‘reset to factory defaults’ is reformatting the hard drive and re-installing the operating system (e.g., Windows, Mac OS X, etc.), which would mean losing all your programs and personal files. Most consumers would rather do almost ANYTHING than that, so these hackers know they’ve got those consumers over a barrel with their malware.

There are other ways to remove the FBI Ransomware Trojan from a PC or Mac, but they’re somewhat complicated and are beyond the scope of this post, which is only here to reassure you that this particular threat is nothing you need to worry much about on your mobile devices (so long as you’re not sideloading apps, rooting the device, or downloading suspicious email attachments from within your device’s email app).

Please also see this more recent (10/1/14) DMM Post: Malware Update: FBI Moneypak / Ransomware Virus On Kindle Fire and How To Avoid It.

If the FBI Ransomware Trojan ever DOES show up on your mobile device, a hard reset may be all you need to do to eliminate it. If that fails a reset to factory defaults will definitely get rid of it on a non-rooted device where you have not sideloaded the app that brought Moneypak to you in the first place.