Latest Reveton ransomware strain includes IC3 warning

In an ironic twist, the purveyors of extortion malware known as Reveton are using the Internet Crime Complaint Center (IC3) name to lend credibility to their attempted heists.

IC3 serves as the national clearinghouse for online complaints, such as those about Reveton, and is the entity that published an alert Friday about the latest iteration of the Reveton threat.

Users typically fall victim to Reveton unexpectedly and unknowingly, through a tactic known as drive-by downloads, in which their machines are infected simply when they visit a compromised site. Once a computer is hit, it freezes up, and the user is greeted with a bogus on-screen notice claiming they have violated federal law -- typically for copyright or child pornography infractions -- and must make a payment via prepaid money card in order to regain control of their PC.

The new variant of the ransomware works in much the same way as previous versions, except that this time the message appears to come from IC3 instead of the FBI.

Stephen Cobb, security evangelist at anti-virus company ESET, said Reveton is a steady, but not particularly widespread, threat, likely due to the cost of distributing it. After peaking in mid-October, it currently makes up about one-tenth of one percent of the threats ESET sees from its users. By comparison, Conficker is still responsible for close to three percent of all threats.

But Reveton, which is commonly bundled with the dangerous banking trojan Citadel, is regularly being tweaked to evade detection and, once installed on a machine, is difficult to remove.

"It's being hosted on a wide range of sites," Cobb said. "If they can get a server infected somewhere, they will host it... It can be very alarming when you get it. Even if you don't fall for it [and pay the ransom], you still got a problem."
