Architecture, Network security, Threats, Cybercrime, Malware, Policy, Critical infrastructure

Feds issue alert on Reveton ransomware resurgence

August 10, 2012

Users are flooding the Internet Crime Complaint Center (IC3) with reports of their machines succumbing to Reveton, scam software known as scareware.

The latest wave of attacks resulted in the organization – a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center to issue an alert on Thursday.

Reveton disguises itself by displaying a message to recipients that appears to come from the FBI. Specifically, victims are told authorities have determined, based on their IP address, that they have visited child pornography sites.

Victims are lured to a download website, where Reveton is installed on their computer. This causes their machine to freeze and a screen to display that carries a fake warning saying they have violated federal law. The malware then attempts to extort money from the victim by ordering them to pay a fine, using online money transfer services, in order to unlock their computer.

But even if victims pay the ransom, Reveton will remain on their machine and be capable of committing further  fraud. Reveton could also be part of a “malware cocktail," in which it is packaged with other malware, such as banking trojan Citadel.

Jason Milletary, technical director for malware analysis at the Dell SecureWorks' Counter Threat Unit research team, told SCMagazine.com on Friday that he suspects IC3 is fielding a surge of complaints because of the malware's supposed connection to the FBI.

“The most important thing is not to give them any money, and don't try to contact the individuals,” Milletary said.

Usually, detection effectiveness will increase within days of malware being released, he added, though criminals are constantly tweaking virus' code so that it evades being flagged by anti-virus programs.

“It can be tricky because it tends to take over the machine,” Milletary said of Reveton. "You may also need to get onto another computer to find the instructions to get the virus off. If that fails, go the safe route and call a professional."

The FBI became aware of Reveton last year, and IC3 previously warned about it in May.  

prestitial ad