Mac Security

Mac User With Ransomware? How To Easily Remove This “Malware” Threat

Justin Pot 17-03-2015

It’s a security myth that needs to die 4 Cyber Security Myths That Must Die Read More : if you have a Mac, you’re safe. The argument is that there aren’t as many viruses out there for OS X, so you don’t need to worry about anything; security threats, this line of thinking goes, are a Windows problem.


This is less true now than ever before, but even so: security isn’t just about the operating system you use. Security is about knowledge. Knowing how to tell if your Mac has a virus 3 Signs Your Mac Is Infected With a Virus (And How to Check) If your Mac is acting weird, it could be infected with a virus. How can you check for a virus on your Mac? We'll show you. Read More and how to beat ransomware Don't Pay Up - How To Beat Ransomware! Just imagine if someone showed up on your doorstep and said, "Hey, there's mice in your house that you didn't know about. Give us $100 and we'll get rid of them." This is the Ransomware... Read More is the best defence you can have.

The FBI Ransomware that affected Mac users a couple years ago is a great example of this. Here’s a piece of “ransomware” that didn’t infect your computer, at all, yet convinced people to pay up.

FBI Ransomware: a Cheap Javascript Trick

Here’s the scenario. You’re browsing the web, minding you’re own business, when you click a link. Maybe you accidentally clicked an ad; maybe you were trying to find a free movie or TV show. Whatever you did, you somehow ended up here:


Oh no! It’s the FBI! They’ve apparently been monitoring your web traffic, and they know about the copyright violations you’ve been committing – watching all those pirated movies and TV shows!


Except, you know this is nonsense – right? So you try to close the tab. That’s when things get…annoying.


Try to close the tab, or your browser, as many times as you want – you’ll always see this popup. Force quit your browser, then restart it, and you’re right back where you started. It’s maddening!

Yes, but it’s also not malware. Google “FBI Ransomware Mac” and you’ll find all kinds of articles claiming this was a “virus”, but it wasn’t. To quote The Safe Mac’s Thomas Reed:


…there is no indication that this is actually Mac malware of any kind. It’s simply an obnoxious browser pop-up, displayed via JavaScript, in an attempt to fool people into paying.

That’s right: this is running entirely in your browser – there’s no infection. You can actually see the few lines of code that make this possible on the Malwarebytes blog. Knowing how persistent this bit of script is, you can see how some people might think it’s a virus – or how someone with very little knowledge might think it’s actually the FBI.

Some people paid up, but obviously they shouldn’t have.

If you think you’re facing a reincarnation of this ransomware, antivirus software won’t help you (again, there’s no virus). Happily, the fix is pretty simple: you just need to force quit your browser, then start it again without restoring your tabs.

Restarting Safari Cleanly

Click the Apple logo at top-left, then click Force Quit.



Find and select Safari in the box that pops up, then click the Force Quit button.


This should shut down Safari without the FBI nag popping up. If you try to start Safari after doing this, the tab will restore and you’ll be back where you started – happily there’s a workaround. When starting Safari, hold the Shift key – this will start Safari without restoring your tabs.


Restarting Chrome Cleanly

As with Safari, click the Apple logo at top-left and then Force Quit. Select Chrome, then click the Force Quit button. Start Chrome again, and you should see this:


Don’t restore your previous session, and you should be fine.

Restarting Firefox Cleanly

Firefox is a little trickier. Head to Firefox’s Preferences, then change the When Firefox Starts setting.


Force Quit Firefox, then restart it, and you should see a blank browser.

If All Else Fails, Try CCleaner

Maybe the above steps didn’t work for you. If so, you might need to empty your browser’s cache and history. There’s a full version of CCleaner for the Mac Full Version of CCleaner Now Released For The Mac No matter how intuitive and reportedly "trouble free" Macs are to run, believe me, several months after you add hundreds of files, applications, and download thousands of webpages, your shiny new iMac or MacBook Air... Read More , and it’s great for wiping all the information saved by your browser. If none of the above methods work, force quit your browser and then clean out everything using CCleaner.


Download CCleaner for Mac (it’s free), then run it. Your browser should be clean afterwards.

Stay Informed; Stay Safe

Again: this particular piece of ransomware wasn’t a virus, but it tricked people into paying up. Security software is helpful, but to really avoid falling for tricks like this you need knowledge. Understanding how these tricks work keeps you secure, so read our guide to ransomware and other threats Don't Fall Foul of the Scammers: A Guide To Ransomware & Other Threats Read More for a brief overview.

To keep up with Mac security news, I recommend subscribing to The Safe Mac in addition to our own security section. If there’s a thread out there to Mac users, you’ll read about it quickly between our two sites. If you know any other resources to check out, please: share them in the comments below. Also feel free to let us know about any other pieces of Mac ransomware that pop up.

(Images of ransomware via Malwarebytes)

Related topics: Anti-Malware, Ransomware, Safari Browser.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Erich ubergruppenfruger
    February 18, 2016 at 2:09 pm

    In IOS: Settings>Safari>Advanced and turn off JavaScript. If that doesn't immediately allow you to navigate away from the offending page, double-click the home button and swipe up to close Safari. Restart Safari and navigate away, then turn JavaScript back on.

  2. dragonmouth
    March 20, 2015 at 11:27 am

    I've gotten the silly FBI warnings while running Firefox on various flavors of Linux. I usually just kill FF and restart it. If that doesn't work, powering the PC off always works.

    BTW - I have FF set to always start with a blank page.

    • Justin Pot
      March 20, 2015 at 1:58 pm

      Having your browser start with a blank page eliminates this problem entirely, that's for sure.

  3. dragonduder
    March 17, 2015 at 10:36 pm

    I've seen this before on Windows: the way I got rid of it without closing the browser session was to open the Chrome Task Manager (Shift+Esc) and end the tab process. Once the process is ended, you can exit the tab.

    • Justin Pot
      March 20, 2015 at 1:59 pm

      I forgot Chrome had that feature! Great idea.