"Buy $500 antivirus from us," say cyber-criminals

“Buy $500 antivirus from us,” say cyber-criminals

In yet another twist, the guys behind the browser-based FBI (or geo-specific police force) ransomware are pushing the envelope to another level.

This type of extortion, where your browser locks up until you pay up, has been going on for months. It preys on people’s fear of authority when confronted for supposedly bad online behaviour (downloading pirated movies, viewing child pornography, etc).

About two weeks ago, I had blogged about a new fee in addition to the first ransom. Not satisfied with only one payment, cyber crooks had decided to ask for more money in exchange for purging your ‘criminal records’.

Of course, these scammers do not have access to your criminal records and simply want to trick you to clear up your conscience.

This time around, the bad guys want you to buy a $500 antivirus from them, on top of paying the browser unlock and criminal records fees ($300 and $450 respectively).


“You are obligated to buy safe antivirus that will alert you about criminal and illegal content,” it reads.


Victims who fall for this scam can end up paying a grand total of $1,250 for absolutely nothing. The so-called antivirus does not exist; if you do in fact pay, you do not receive anything else but a “your browser will be unlocked within 12 hours” message.

The slideshow below shows the full scam in motion, detailing the three different ransoms:

This threat can easily be mitigated by closing your browser in one of many ways documented here.

No doubt the cyber crooks behind this sham will come up with a new  way to steal more money from their victims again in the near future.


Jerome Segura (@jeromesegura) is a senior security researcher at Malwarebytes.


Jérôme Segura

Principal Threat Researcher