FBI Ransomware

The FBI Ransomware is a malware threat that locks its victims' data and then attempts to extort money from them. Ransomware operations can affect both individual users and corporate entities. When executed on an infected system, threats like the FBI Ransomware run an encryption routine that affects most of the documents, archives, databases, images and other file types stored there. The FBI Ransomware marks every file it locks by appending '.fbi' to the original name.

However, several aspects of the FBI Ransomware suggest that the threat is either in an early stage of development or that its creators are not very experienced: the threat is decryptable by entering 'fbi' as the decryption key. Furthermore, the malware delivers three ransom notes to the infected system, in the 'readme.txt,' 'LOCKEDBYFBI.hta,' and 'decryptfiles.html' files. However, two of them were found to be completely empty. Only the message shown in a full-screen window is active, and it has an audio component in which a bot reads the text of the ransom note aloud.

The message is presented as a warning from the FBI and contains a multitude of logos belonging to different U.S. agencies. According to the fake notice, the FBI has detected illegal content on the victim's device and browsing history. As a result, the data on the system has been locked until a ransom presented as a 'fine' of $250 is paid. Users affected by the current versions of the threat may not have to pay a dime, though. By entering 'fbi' (without quotation marks) into the 'Decrypt' field of the threat's window and pressing the 'Unlock' button, users can restore their encrypted files.
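To scope an infection before attempting recovery, the indicators described above (the appended '.fbi' extension and the three ransom note file names) can be inventoried with a short script. The Python below is an added example, not code from this threat report; the function names, the constructed sample tree, and the rule that 'readme.txt' counts only when locked files sit in the same directory are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article: appended extension and ransom note names.
LOCKED_SUFFIX = ".fbi"
NOTE_NAMES = {"readme.txt", "lockedbyfbi.hta", "decryptfiles.html"}  # lowercased


def triage(root):
    """Inventory files under `root` that match the article's indicators."""
    locked, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):
        has_locked = any(n.lower().endswith(LOCKED_SUFFIX) for n in files)
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(LOCKED_SUFFIX):
                # The extension is appended, so stripping it gives the original name.
                locked[path] = name[: -len(LOCKED_SUFFIX)]
            elif lower in NOTE_NAMES:
                # 'readme.txt' is a common benign name: report it only when locked
                # files share its directory (assumed heuristic, not from the article).
                if lower != "readme.txt" or has_locked:
                    notes.append((path, os.path.getsize(path)))
    return {"locked": locked, "notes": sorted(notes)}


def build_sample_tree(root):
    """Constructed sample data; file names and contents are placeholders."""
    docs, proj = Path(root, "Documents"), Path(root, "Projects")
    docs.mkdir()
    proj.mkdir()
    (docs / "budget.xlsx.fbi").write_bytes(b"\x00" * 16)
    (docs / "photo.JPG.FBI").write_bytes(b"\x00" * 16)
    (docs / "notes.txt").write_text("untouched")
    (docs / "readme.txt").write_bytes(b"")  # empty note file
    (docs / "LOCKEDBYFBI.hta").write_bytes(b"<html>note</html>")
    (proj / "readme.txt").write_text("project docs")  # benign, must not be flagged


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for path, original in sorted(result["locked"].items()):
            print(f"locked: {path} (original name: {original})")
        for path, size in result["notes"]:
            print(f"note:   {path} ({size} bytes{', empty' if size == 0 else ''})")
```

Point `triage()` at a user profile or share root; the mapping of locked paths to original names doubles as a checklist for confirming that every file was restored.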

The full text of the bogus FBI message shown by the malware is:

'Illegal content has been found on your system!

This computer has been seized by the Federal Bureau of Investigation.
Inn accordance with a seizure warrant obtained by the U.S. Attorney's Office for the Southern District of California, and the U.S. Department of Justice, Criminal Division, Computer Crime and Intellectual Property Section.
Issued pursuant to 18 U.S.C. §§ 981, 982, and 1030 by the United States District Court for the Southern District of California.
All your files have been encrypted and to get them back you must notice we detected illegal content.
We notice also your illegal activity online, to get your files back you must e-mail us at crimeinvest23@proton.me
Else your files will be used as evidence against you. Your fine must be payed and illegal files will be erased after.
Your current find is: $250.00 for having illegal websites and activity in your system.
Do not attempt to close the locker, it is bad decide for you. When closed all detail will be sent to the FBI database.
You can be arrested for up to many years and its classed as escaping the fine.

Warning, all attempts to unlock the system are logged to FBI database, do not try to guess your system password, pay the fine!'
