Yesterday was the nastiest day this month. After making it home from a long working day, I landed in front of the PC and rushed to continue my Guild Wars 2 play. Windows was almost loaded, when a strange (even funny) window popped-up on my desktop:

“Your PC is blocked due to at least one of the following reasons specified below”. Then, the text goes on, explaining that I have been violating Copyright laws, I should be investigated and prosecuted... and things like that. The funniest thing was that this message supposedly comes from FBI. Of course, I am not stupid enough to believe that, it was obvious that this is a scam scheme. The funniest thing is that “FBI” even offers you to pay a one-time “escape-from-the-prison” fee of $69,99, if you like to avoid the investigation.

For 5 minutes, I was entertained by this message. Then I got a little bit nervous: one – someone somehow succeeded to install and run this program on my computer and two – I was not able to stop it!

No matter I tried, I was not able to run Task Manager at all. A quick search on my iPad showed that this scam is called FBI Moneypak. The things started to look even worse.

In an alert published August this year, the FBI said that The Internet Crime Complaint Center was “getting inundated with complaints” from users affected by the scam, which uses drive-by downloads to invade the PCs. The threat displays a frightening message and blocks the user from doing anything else on his machine, unless he pays the fine. The FBI stated the attacks have been released with the help of a “new drive-by virus” dubbed Reveton. Even though these types of attacks are known for years, in the past they have targeted European users. Now, FBI Moneypak scam aims United States and according to the rising number of complaints, the number of victimized users is rising every day.

Several computer security related sites are posting instructions for manual removing the FBI Moneypak without having to pay the ransom fee (here’s one example). I will ask you to understand that if you have been infected by a rogueware, the ransomware component (the one you see) is almost certainly just the most visible of the malware that is running on your computer. For example, the latest Reveton versions will steal all passwords stored on the victim’s PC.

Malware attacks like FBI Moneypak show the need to have a solid practices for backing up your data, because the safest way to clean a computer infected with infections like FBI Moneypak is to reinstall Windows. The most advanced rogueware threats will first steal all your saved passwords and then encrypt all of your documents and files before demanding a ransom payment.