FBI virus, also known as FBI MoneyPak ransomware, is actively spread these days among many PCs all over the world. This virus can be spread through sites that look pretty much like security-scan-[random].in. More and more of similar websites are actively involved in this scam designed by cyber hackers and frauds who want to steal your money by tricking you into paying the fake fine, which is a ransom in reality. The PCs located in the United States of America are actively attacked by this FBI MoneyPak virus. However, if you live in some other country and use software like Hotspot Shield to surf the web through the US IP addresses, there is a chance that you will catch this ransomware virus infection as well.
The sites engaged in distribution of this malware look pretty much similar to security-scan-[random].in. Instead of [random] you will see the set of random letters or figures. These websites are hosted in various countries of the world, not just in the United States of America. So, there is also a probability that you will see a totally different design of the same ransomware that is supposed to target various countries with a scary message brought in front of users in their own languages.
This particular ransomware, if targeting the PCs in the US, is presented as a scary warning from FBI. Cybercrime Division, a.k.a. International Cyber Security Protection Alliance. This ransomware is able to detect your IP address, country, your Internet Service Provider (ISP), and in many cases is even capable of hijacking your camera and even showing your lovely face, supposedly tracked by the FBI (of other police body of the country targeted by this ransomware).
The ransomware is accusing you of performing all sorts of crimes online through your locked browser. It even has a special counter that shows time remaining for you to pay the so-called “fine”, which is the ransom in reality. This is what this scam tells you once the attack is successful:
Your browser has been blocked up for safety reasons listed below. All the actions performed on this PC are fixed. All your files are encrypted. Conducted audio and video. You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law.
Article 161 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Also, you are suspected of violation of “Copyright and Related rights Law” (downloading of pirated music, video, warez) and of use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America criminal law.
Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.
It was from your computer, that unauthorized access had been stolen to information of State importance and to data closed for public Internet access.
Unauthorized access could have been arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Consequently, you are suspected – until the investigation is held – of innocent infringement of Article 215 of United States of America criminal law (“Law on negligent and reckless disregard of computers and computer aids”).
Article 215 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 8 years and/or up to 100.000$ fine.
Further, after information of your personal computer was examined, it was found out that your personal computer had been regularly used for bulk-spamming, either arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Bulk-spamming is a way to disseminate malware of banned pornography. Consequently, you are suspected – until the investigation is held – of innocent infringement of Article 301 of United States of America criminal law (“On bulk-spamming and malware (virus) dissemination”).
Article 301 of United States of America criminal law provides for the punishment of deprivation of liberty for term up to 5 years, and up to 250.000$ fine.
Please, mind that both your personal identities and location are well identified, and criminal case can be opened against you in course of 96 hours as of commission of crimes per above Articles. Criminal case can be submitted to court.
However, pursuant to Amendments to the United States of America criminal law dated January 02, 2014, and according to Declaration on Human Rights, your disregard of law may be interpreted as unintended (if you had no incidents before) and no arraignment will follow. However, it is a matter of whether you have paid the fine to the Treasury (to the effect of initiatives aimed at protection of cyberspace).
The penalty set must be paid in course of 24 hours as of the breach. On expiration of the term, 24 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.
Amount of fine is 300$. You can settle the fine with MoneyPak vouchers.
As soon as the money arrives to the Treasury account, your browser will be unblocked and all information will be decrypted in course of 24 hours.
Then in 7 day term you should remedy the breaches associated with your computer. Otherwise, your computer will be blocked up and criminal case will be opened against youself (with no option to pay fine).
Please mind, that you should enter only verified passs of vouchers and abstain from caching out of vouchers once used for fine payment. If erroneous passs were entered, or if attempt was made to cancel vouchers after transaction, then, apart from above breaches, you will be charged with fraud (Article 377 of United States of America criminal law; 1 to 3 years of imprisonment) and criminal case will be opened.
As you see, the main purpose of this ransomware is to make you waste your funds in favour of cyber frauds and hackers who want to get your money from you. In reality, this is a scam not related at all to the police, FBI or any other local law-enforcement agency of any country targeted by this ransomware.
If the attack is made in the US, hackers will tell you to pay the ransom through MoneyPak, whereas in Europe you will be instructed by the crooks to transfer funds in their favour through PaySafeCard, or Ukash. No matter what the payment method is, these decent payment companies have nothing to do with distribution of this ransomware. In order to unlock your browser we recommend you to follow the guidelines below.
Security-scan-[random].in scam removal tool:
Detailed instructions to reset your browser settings for browsers in Windows operating systems:
- If you can’t shut down your blocked browser, end its process through the Task Manager, or forcedly switch your PC off.
- Restart your computer.
- Via your other browser (not attacked by this fake Interpol scam) download Plumbytes Anti-Malware via https://www.system-tips.net/download.php or directly via the download button above.
- Scan your system and delete all detected infected files and registry entries by clicking “Apply” at the end of scan.
- Shut down all your infected browsers.
- In Plumbytes Anti-Malware click “Tools” tab and select “Reset browser settings“:
- Select which particular browsers you want to be reset and choose the reset options:
- Click “Reset browser settings” button.
- You will receive the confirmation windows about browser settings reset successfully. When you reset your browsers through restarting them you will see that security-scan-[random].in alert (fake FBI or police warning) has been successfully removed.
Instructions to reset Safari browser in Mac OS:
- Open Safari browser.
- Click on the Safari menu and then choose “Reset Safari”:
- It is obligatory to mark all items and hit the “Reset” button afterwards: