Last July, a ransomware prank was found making the rounds on Safari browsers, which tied up the browser window with excessive pop-ups purporting to be from the FBI, demanding users send $300 to have their browser unlocked. The ransomware wasn’t harmful to the user’s system, and it could be easily bypassed. Well, we’re seeing yet another round of this irritating prank, and this time it affects Chrome and Safari browsers.
There’s a couple ways to kill this prank from each of the affected web browsers.
If you see this in the Google Chrome browser, following are instruction for two ways to clear this threat from Chrome:
1. Create a new cache directory in Terminal
Launch Chrome with a new cache directory by typing a Terminal command:
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome –disk-cache-dir=/tmp
After this, quit Chrome then delete the files in this folder:
~/Library/Caches/Google/Chrome/Default/
2. Clear related data in Chrome
You can type in the URL:
chrome://settings/clearBrowserData
Then, clear any data that appears to be related to this prank.
If you see this in the Safari browser, following are instructions for two ways to clear this threat from Safari:
1. Reset Safari
In the Safari menu, choose “Reset Safari.” The browser will restart without bringing up the problematic site. It will, however, erase a lot of other historical, saved data.
2. Force Quit + Hold Shift Key While Restarting Safari
The other tactic simply targets the function that resumes open windows after a crash, which can be done by holding the Shift key while starting Safari.
First you will need to force-quit Safari as you would expect, either by going to the Apple menu and choosing “Force Quit” and choosing to quit Safari, or by using the keyboard-combination Command + Option + Escape to bring up the same window.
The second step is to hold the Shift key while restarting Safari, which restarts the browser without restarting any previously open windows.
We also encourage anyone who encounters ransomware to send the files to sample@virusbarrier.com for further analysis.
All this highlights the fact that a multi-layered approach to security is the best method to protect your digital life from the bad guys. Intego offers powerful Mac antivirus and security software that works together to create layers of security. This tactic makes your machine a less profitable (and therefore less desirable) target for cybercriminals. So keep your Mac safe with advanced Mac security solutions such as Intego Mac Premium Bundle, which protects from malware, network attacks, web threats, spyware, and more.
Update: The process for resetting Safari has changed with OS X Yosemite. Curiously, Apple has actually made this process a lot more difficult than it used to be. There are now three different areas inside Safari for removing certain information.
To reset Safari in OS X Yosemite, follow these steps:
In the Safari menu, choose “Clear History and Website Data,” and a Privacy preferences window will open.
Click the “Remove All Website Data” button from Privacy preferences, and it will ask you if you are sure you want to remove all data stored by websites on your computer.
Select “Remove Now” to clear data that could be used to track your browsing. Next, you’ll want to clear caches. To do so, you now have to enable Develop mode to clear Safari cache. Here’s how to clear Safari cache:
Lastly, a Force-Quite of Safari may be effective as well. To do so, simply go to the Apple menu > Force Quite, and choose Safari.
If you have any other questions or concerns, contact Intego support and one of our Mac experts will happily assist you.