Complete Guide to Remove FBI Ransomware from your system


Guide To Remove FBI Ransomware

FBI Ransomware, also known as Reveton Ransomware, is one of the latest menacing members of the giant Ransomware family. Upon infection, it restricts your access to files & applications on your mobile devices & computers by encrypting them. It demands a ransom of around $100-$400, to be paid within 72 hours.

FBI Ransomware impacting Smart-phones

The FBI MoneyPak virus infection mainly propagates when you visit malware-laden sites that can instantly exploit vulnerabilities in the running browser or installed plug-ins.

Threat Summary-

Name: Fbi
Type: Ransomware
Category: Malware
Operating System Impacted: Windows, iOS, Android
Targeted Browser: Google Chrome, Internet Explorer, Mozilla Firefox, Safari



Insight into the First Appearance & Attacks of FBI Ransomware

FBI Ukash MoneyPak Ransomware, nicknamed FBI Ransomware, is rogue software that encrypts files & applications on smart-phones & computer systems.

The FBI virus first came to light in 2012, when it claimed to be associated with the domestic intelligence & security service of the United States, the FBI (Federal Bureau of Investigation). It stated that the mobile device or computer had been locked because certain illicit activities were observed on that machine. A ransom of $100 to $400 was demanded from the victims in order to get their encrypted data back.

According to sources, in response to the Ransomware attack the FBI published an advisory asking people not to pay any ransom, as the data encryption was not carried out by the real FBI. Ransomware victims were asked to contact authorized PC security organizations such as Internet Crime Complaint Centre to get the Ransomware removed.

In 2018, the FBI worked in collaboration with the United Kingdom’s National Crime Agency & arrested a large number of hackers involved in developing & distributing the FBI ransom virus in the United States.

Threat Behavior of FBI Ransomware-

Though FBI Ransomware was first discovered in 2012, 6 full years later it has been observed propagating more widely than ever. It currently poses a serious threat to Windows OS, iOS & Android users across the globe.

It can infect your system/smart-phone when you visit malware-laden or corrupt sites, open spam e-mail attachments or download files from certain torrent sites.

Once your device has been infected, a screen-locker locks the mobile screen/desktop & a splash screen containing FBI’s Official Logo & a warning message appears.

The alert message/notice/warning claims that the devices have been blocked by the FBI due to the violation of certain Copyright & Related Rights Law. It further notifies the victims that copyrighted content such as videos, music & software has been illegally visited or distributed through the device.

The cyber-criminals behind this devious Ransomware ask the victims to pay the ransom amount from $100-$400 via Green Dot MoneyPak, Ukash or PaySafeCard pre-paid card services, in order to unblock their devices.

As per the warning, the ransom is to be paid within 72 hours of the infringement. Failing to make the payment within 72 hours will lead to the registration of a criminal case against the victim.

Surprisingly, the right-side section of the Warning Message contains a guide to help the victims to learn how a MoneyPak card can be purchased & payment can be made.

The FBI warning virus creates an iframe loop which helps FBI Ransomware to start automatically with every system reboot & prevent victims from exiting the browser.

Please note that neither the FBI nor any other security authority uses screen-lockers or Ransomware to collect fines. The bogus application belongs to hackers who seek to extort money from Windows, iOS & Android users.

In case your system/smart-phone has been infected by the FBI Virus, act smart & do not make any attempt to pay the ransom.

Note: Cyber-security researchers have discovered that various versions of FBI Virus are currently operating around the world such as FBI MoneyPak Virus, FBI GreenDot MoneyPak Virus, FBI Virus Black Screen, FBI Online Agent, White Screen FBI Virus and FBI Department of Defense Virus.

Distribution Techniques of FBI Ransomware

FBI Ransomware can spread its infections through various propagation techniques. Some of the common spread techniques are mentioned below-

1). Opening Spam e-mail attachments

2). Downloading illegal programs such as illegal games or software cracks.

3). Visiting malware-laden /infected websites.

4). Clicking on infected pop-up ads, banners or hyperlinks.

5). Visiting torrent or adult content websites.

6). Clicking & downloading fake software updates.

How to Remove FBI Ransomware infection from the system- 

STEP A: Reboot the System to a Safe Mode with Networking

To restart the system into Safe Mode with Networking when it is already switched ON, follow the steps below:

Windows 7/ Vista/ XP

  1. Click on Windows icon present in the lower left corner of the computer screen.
  2. Select and click  Restart.
  3. When the screen goes blank, keep tapping the F8 key until you see the Advanced Boot Options window.
  4. With the help of the arrow keys on the keyboard, select the Safe Mode with Networking option from the list and press the Enter key. The system will then restart to Safe Mode with Networking.
  5. Click on the username and enter the password (if any).

Windows 10 / Windows 8

  1. Press and hold the Shift key and simultaneously click on the Windows icon present in the lower left corner of your computer screen.
  2. While the Shift key is still pressed click on the Power button and then click on Restart.
  3. Now select Troubleshoot → Advanced options → Startup Settings.
  4. When the Startup Settings screen appears which is the first screen to appear after restart, select and click on Enable Safe Mode with Networking. The system will then restart to Safe Mode with Networking.
  5. Click on the username and enter the password.

STEP B: How to Reset Your Browser 

Mozilla Firefox

  1. Open Mozilla Firefox and click on the three horizontal lines (the menu icon) at the top right corner of the computer screen.
  2. A drop-down menu will be displayed. On this menu click on the “Help” button. The Help menu will be displayed on the screen.
  3. From this menu click the option that reads “Troubleshooting information”. A new tab will open up with the Troubleshooting information.
  4. On the Troubleshooting Information page, click on the button that reads “Refresh Firefox”.
  5. The “Refresh Firefox” message box will pop up on the screen. On this message box click on the “Refresh Firefox” button.
  6. After this Firefox will close itself and a new window will be displayed which will list the information that is imported. Click on the option that reads “Finish” to complete the task.

Google Chrome

  1. Open Google Chrome and click on the three vertical dots (the menu icon) at the top right corner of the computer screen. A drop-down menu will appear on the screen. From this menu choose the option that reads “Settings”.
  2. Chrome’s settings window will be displayed on the screen. Scroll to the bottom of the page and click on the option that reads “Advanced option”.
  3. The Advanced setting options will be displayed on the screen. Scroll through the list of options till you find the “Reset browser settings” section. Click on it.
  4. The reset dialogue box will pop up on the screen. From this dialogue box click on the button that reads “Reset”.

Internet Explorer

  1. Open Internet Explorer and click on the gear icon at the top right corner of the browser screen. A drop-down menu will be displayed on the screen. From this drop-down menu, click on the option that reads “Internet options”.
  2. The “Internet options” dialogue box will be displayed. Click on the “Advanced” tab. In the Advanced tab click on the button that reads “Reset”. The “Reset Internet Explorer Settings” section will be displayed on the screen. Now click on the button that reads “Reset”. Precautions: In this dialogue box make sure to uncheck the “Delete Personal settings” option to save your passwords and other important data.
  3. When it’s done, click on the button that reads “Close” to complete the task. Now close and reopen your browser.

STEP C: Restore your system files and settings

Method 1 using Control Panel

  1. Click on the ‘Start’ button on the taskbar. This will open the Start menu.
  2. Click on the ‘Control Panel’ button in the Start menu. This will open the control panel window.
  3. In the Control Panel window, click on the ‘View by:’ button on the top right. Select the Large Icon option.
  4. In the Control Panel window click on the ‘Recovery Icon’. This will open a window that will ask ‘Restore the computer to an earlier point in time’.
  5. Click on the ‘Open system restore’ button. This will open the ‘System Restore’ window where you need to click on the Next button.
  6. Select the restore point that is prior to the infiltration of FBI Ransomware. After doing that, click Next.
  7. This will open the ‘Confirm your restore point’ dialog box. Click on the Finish button. This will restore your system to a previous restore point before your system was infected by FBI Ransomware.


Method 2 using Command Prompt

  1. Type cmd in the search box and click on Command Prompt to open the Command Prompt window.
  2. Once the Command Prompt window shows up, enter cd restore and press Enter. (Ensure that you are in the system32 directory of the Windows folder on the C drive.)
  3. Now type rstrui and press Enter again.
  4. When a new window shows up, click Next and select the restore point that is prior to the infiltration of FBI Ransomware. After doing that, click Next.
  5. This will open the ‘Confirm your restore point’ dialog box. Click on the Finish button. This will restore your system to a previous restore point before your system was infected by FBI Ransomware.


  1. Type ‘Rstrui’ in the search box present on the task bar. This will open the System restore dialog box.

Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.
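
The restore-point selection in STEP C can also be done from PowerShell. The script below is an added example, not part of the original guide: it lists the restore points, picks the newest one created before a suspected infection time, and by default only shows what the restore would do. $InfectionDate, $Apply and the function name Select-RestorePointBefore are assumptions made for this example.

```powershell
# Added example (not part of the original guide). Run from an elevated
# Windows PowerShell 5.1 prompt; the restore-point cmdlets are not in PowerShell 7.
# Assumption: $InfectionDate is a constructed sample value; set it to the time
# the lock screen first appeared.
$InfectionDate = [datetime]'2018-06-01T09:00:00'
$Apply = $false   # leave $false for a dry run; $true starts the restore and reboots

function Select-RestorePointBefore {
    param(
        [object[]]$RestorePoints,
        [Parameter(Mandatory)] [datetime]$Cutoff
    )
    # Newest restore point created strictly before the cutoff, or nothing.
    $RestorePoints |
        Where-Object { $_.Created -lt $Cutoff } |
        Sort-Object Created -Descending |
        Select-Object -First 1
}

# CreationTime is a WMI (DMTF) timestamp string, so convert it before comparing.
$points = @(Get-ComputerRestorePoint | ForEach-Object {
    [pscustomobject]@{
        SequenceNumber = $_.SequenceNumber
        Description    = $_.Description
        Created        = $_.ConvertToDateTime($_.CreationTime)
    }
})

if ($points.Count -eq 0) {
    Write-Warning 'No restore points exist; System Restore cannot be used on this machine.'
    return
}
$points | Sort-Object Created | Format-Table -AutoSize

$chosen = Select-RestorePointBefore -RestorePoints $points -Cutoff $InfectionDate
if (-not $chosen) {
    Write-Warning "Every restore point is newer than $InfectionDate; none predates the infection."
    return
}
"Selected #{0} '{1}' created {2}" -f $chosen.SequenceNumber, $chosen.Description, $chosen.Created

if ($Apply) {
    # Prompts for confirmation, then restores and reboots the machine.
    Restore-Computer -RestorePoint $chosen.SequenceNumber -Confirm
} else {
    # Dry run: reports the action without changing the system.
    Restore-Computer -RestorePoint $chosen.SequenceNumber -WhatIf
}
```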


Tips to prevent your computer system from getting infected –

  1. Keeping the Operating System Updated- In order to remain protected and avoid such infections, it is recommended to keep your Operating System updated by enabling the automatic update on your system. The systems with outdated or older versions of Operating System become an easy target for the attackers.
  2. Resist clicking on spam emails – One of the major techniques used for malware distribution is forwarding spam emails to the user. The system gets infected as soon as the user clicks on the attachment. These mails appear to be genuine, so be aware and resist falling for these tricks.
  3. Keep an eye on third party installations- It is quite important that you take due care while installing any third party applications for they are major source of such infections. Such malware programs come bundled with the free applications thereby requiring the user to remain cautious.
  4. Regular periodical backup- In order to keep your data and files safe, it is recommended to take regular back up of all your data and files either on an external drive or cloud.
  5. Use Anti-Virus Protection- We strongly recommend the use of antivirus protection/internet security in your PC like Sophos and BULL GUARD so that it remains safe.
  6. Enable the Ad Blocker/Popup Blocker in your browser- Enabling the popup blocker/ ad blocker in your chosen browser will help you to stay protected from annoying adware.