Apple (Mac OS X) FBI Moneypack Cyber Department Ransomware Virus – Steps to Remove All Signs of This Virus



You’ve been accused of viewing prohibited pornographic content or crimes involving copyright laws and now you need to pay $300 or more to “unlock” your Mac.



This is a new type of malicious ransomware that has been targeting Apple / Mac OS X users. Ransomware is a new type of dangerous malware that can block access to your computer system. The original FBI Moneypak virus that ravaged the PC world was discovered in 2012 and primarily targeted Windows users. This new version of the malware for Macs was discovered by Jerome Segura (senior security researcher at Malwarebytes). It uses JavaScript to hijack Internet browsers such as Safari on Mac OS X. This new form of ransomware attacking Apple computers is similar to previous cryptoviruses in that it restricts access to Mac OS X while disguising itself as a government entity such as the FBI Cyber Department.


This ransomware will show a full-screen browser window that claims, “All activities of this computer have been recorded. All your files are encrypted. Don’t try to unlock your computer! Your browser has been blocked due to at least one of the reasons specified below.” The browser window will then list the alleged crimes: copyright and related rights law violations, distribution of prohibited pornographic content, neglectful use of a personal computer, and more. Posing as the FBI Cyber Department or another government authority, the page then threatens that the user must pay a “fine” using a credit service such as Moneypak or face serious jail time.





The fraudulent “penalty fine” that the hackers are extorting can range anywhere from $100 to $300 to $500. In essence, the hackers are holding your Mac or PC for ransom in the form of the “penalty fine”.


According to Segura, the man who discovered this recent trojan ransomware, there is no actual infection on the Mac system, but the victim is led to believe that there is.


If you are a victim of this cyber crime on your Mac, you may find that your Safari browser window cannot be closed, and you may need to force quit Safari. Force quitting your browser will result in the same window reopening when you open Safari again, due to Apple’s restore-from-crash feature on Mac OS X.




There are three safe ways to remove the malware, according to Segura:

  • You can close the browser page showing the FBI Cyber Department warning 150 times by clicking the Leave Page button each time you are prompted by Safari.

You need to do this 150 times because the JavaScript that makes up the FBI ransomware dynamically spawns 150 iframes (layers in a web page).



  • You can reset Safari from the Safari menu. Unfortunately, this will wipe your entire browsing history, saved names and passwords, autofill text, and more.




Segura states that, “The computer hackers know how to utilize social engineering to manipulate victims. For example, a Mac user can be led to this locked page by doing a search for a nude image of a young, female celebrity on Bing images (name not mentioned).” Segura continues, “The victim of this malware will now feel guilty that what they may have been doing was wrong and that they got caught. The hackers will play on this shame that the victims feel and trick them into paying the ‘fine.’”



  • There is one final solution: change your browser. Google Chrome, for instance, is not vulnerable to this attack, and Firefox is much less vulnerable than Safari.

According to Segura, “Running Chrome on a Mac reduces the chances of getting infected by a virus to almost none.”
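
The 150-iframe behaviour described above leaves a recognisable trace when a suspect URL is opened in an automated browser sandbox: a large number of frames attached to one page, followed by a Leave Page prompt for each of them when the tab is closed. The detector below is an added example, not code from Segura or Malwarebytes; the JSON-lines event format, the field and event names, the example hostnames and the thresholds are all assumptions made for illustration.

```javascript
// Assumed thresholds: one embedded frame or one "unsaved changes" prompt is
// normal; dozens of both on a single page is the browser-lock pattern.
const LIMITS = { frames: 20, dialogs: 5 };

// Parse JSON-lines events (hypothetical sandbox format) into per-page counts.
function summarize(logText) {
  const pages = new Map();
  let skipped = 0;
  for (const line of logText.split("\n")) {
    if (!line.trim()) continue;
    let rec;
    try { rec = JSON.parse(line); } catch (e) { skipped++; continue; }
    if (!rec || typeof rec.page !== "string") { skipped++; continue; }
    const s = pages.get(rec.page) || { frames: 0, dialogs: 0 };
    if (rec.event === "frame_attached") s.frames++;
    else if (rec.event === "beforeunload_dialog") s.dialogs++;
    pages.set(rec.page, s);
  }
  return { pages, skipped };
}

// Flag pages that attach many frames AND raise many Leave Page prompts.
function findLockerPages(logText, limits = LIMITS) {
  const hits = [];
  for (const [page, s] of summarize(logText).pages) {
    if (s.frames >= limits.frames && s.dialogs >= limits.dialogs) {
      hits.push({ page, frames: s.frames, dialogs: s.dialogs });
    }
  }
  return hits;
}

// Constructed sample log: a locker-like page, a video embed, a form editor,
// and one malformed line that the parser must skip rather than crash on.
const repeat = (page, event, n) =>
  Array.from({ length: n }, () => JSON.stringify({ page, event }));
const SAMPLE_LOG = [
  ...repeat("http://locker.example/", "frame_attached", 150),
  ...repeat("http://locker.example/", "beforeunload_dialog", 150),
  ...repeat("http://video.example/", "frame_attached", 2),
  ...repeat("http://editor.example/", "beforeunload_dialog", 1),
  "truncated line {",
].join("\n");

console.log(findLockerPages(SAMPLE_LOG));
```

Requiring both signals keeps ordinary pages out of the results: the video embed has frames but no prompts, and the form editor has a single prompt but no frames.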