If your computer suddenly locks up and orders you to pay a fine, don’t give in to its demands! It could be a malware infection. The U.S. Federal Bureau of Investigation recently issued a warning regarding a virus that takes users’ computers hostage. The FBI originally issued a warning about the Reveton malware in May 2012, but the program has since become more widespread within the United States and the rest of the world.Once Reveton infects a user’s computer, the machine immediately locks and displays a pop-up warning that claims the individual’s internet address has been identified by the FBI as conducting illegal activity, such as piracy. Some variants of the virus are also capable of turning on the user’s webcam and will display a snapshot along with the warning. One victim claimed the pop-up window demanded $200 via MoneyPak order and contained instructions for how to pay. According to the FBI, many users have paid the fraudulent fines.
“We are getting dozens of complaints every day,” said Donna Gregory of the FBI’s Internet Crime Complaint Center (IC3) unit. “Unlike other viruses, Reveton freezes your computer and stops it in its tracks. And the average user will not be able to easily remove the malware.”
The IC3 suggested several steps for victims if they become infected:
• Do not pay any money or give out personal information.
• Contact a computer professional to remove Reveton from your computer.
• Be aware that even users who unfreeze their computers may still be infected. Many types of malware will operate in the background to collect personal information such as passwords, usernames and financial data.
• Check for updates about the Reveton virus on the IC3 website.
Although Reveton can be tricky for most users to completely get rid of, it isn’t the only malware cyber criminals have up their sleeves. According to the FBI, Reveton is delivered through the Citadel toolkit, which is a malware platform designed specifically for compromising financial data.
Citadel malware used in other incidents
Citadel has been linked to several attacks against both consumers and large financial institutions. As a TechTarget article reported, Citadel is believed to have been responsible for delivering some of the largest attacks against banks and other companies in the financial industry.
The article discussed the implications of the toolkit going underground, which makes it more difficult for security researchers to counter the malicious software. As malicious software draws more attention, it can be a lot riskier for cyber criminals to openly distribute their software. By taking distribution offline, Citadel developers can still deliver updates to current users, but without as much risk of getting caught.
As the recent surge of Reveton attacks indicate, cyber criminals are still using Citadel to orchestrate lucrative attacks. One of the dangers of the toolkit is that it was designed so that cyber criminals could pay for additional functionality, similar to paying for an app on your iPhone. Because Citadel-based malware can be customized, traditional antivirus programs are not always effective in recognizing new variations of threats. However, application control software can fill in some of the gaps left by traditional cybersecurity options.
“Looking to the surrounding cybercrime arena, history proves that malware coders know when to leave the room,” said security researchers from risk governance company RSA, who were quoted in the article. “To date, developers of popular Trojans like Zeus’ Slavik, SpyEye’s Gribodemon and Ice IX’s GSS have never been arrested and we are seeing the Citadel’s team already taking measures to go deeper underground for their own safety.”
Have you been affected by Reveton or other ransomware? How did you react?