FBI Screenlocker

The FBI Screenlocker, as its name suggests, belongs to the screen locker type of malware. While the end goal is the same as that of ransomware threats, screen lockers are less threatening and comparatively easier to deal with because they do not encrypt any files on the compromised computer. Instead, they block the user's access through a full-screen window that usually displays a variant of a common scam scenario.

The FBI Screenlocker follows this pattern: it blocks the system with a full-screen window containing an alarming and completely fake message asserting that the FBI has detected illicit activities being performed on the particular computer. It tries to paint the user as a hardened criminal who has now been caught committing some rather heinous crimes. The list displayed by the FBI Screenlocker consists of four distinct charges:

  1. Sending spam messages containing terrorist motives
  2. Propagating of fascism
  3. Downloading child pornography
  4. Selling drugs

To unlock their system, affected users are supposed to pay a $150 'fine' to the FBI. As if the whole message wasn't ridiculous enough, the FBI Screenlocker demands the vaguely disguised ransom to be paid using Bitcoin with the money being sent to a crypto wallet address provided in the ransom note. Things get even more laughable thanks to the next part - after making the transaction, users are expected to send a message to the following email address - fbilock@protonmail.com, and then wait patiently to receive an unlock code that must be entered into the malware's lock screen.

It should be obvious immediately that nothing written in the note is true. The FBI does not block the computers of individual users and then attempt to collect fines, especially ones payable in any of the myriad of different cryptocurrencies.

Fortunately for the victims of the FBI Screenlocker, infosec researchers managed to uncover the unlock code needed to restore access to the blocked system. The code that needs to be supplied is W269N-WFGWX-YVC9B-4J6C9-T83GX. A reboot of the system may be mandatory before full access becomes available.
