Another law enforcement group co-opted in extortion scheme

A cybercrime group has raised the scare tactics used in an increasingly sophisticated Trojan-ransomware combo to frighten victims into paying a bogus fine to unlock their computers.

The latest iteration of Citadel malware and Reveton ransomware uses the name of the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center,in a warning that claims victims have violated federal laws. In a new twist, the ransomware claims victims' computer activity is being recorded.

The scheme begins with luring a person to a website hosting the malware. Once Reveton is installed, it locks up the victim's computer and displays a screen saying the FBI has found that the computer's IP address has been used to access child pornography and other illicit content.

[Bill Brenner in Salted Hash: Cybercrooks make millions off ransomware, Symantec says]

The ransomware uses the IC3 name to frighten people into paying a fine using prepaid money card services, the FBI said. The malware uses the geographical location of the victim to direct to a particular payment service.

"In addition to instilling a fear of prosecution, this version of the malware also claims that the user's computer activity is being recorded using audio, video, and other devices," the FBI said in a statement.

The scheme also involves installation of Citadel, which waits in the background to steal online banking credentials and credit-card numbers.

Criminals have used the Reveton-Citadel combo before. In August, the pair was used in a scheme that co-opted the name of the FBI to frighten victims, the agency said. The FBI first learned of the malware in 2011.

Symantec recently predicted that ransomware such as Reveton would surpass fake antivirus in 2013 as the biggest online scam. Fake AV scams typically warn visitors to a malicious website that their computers are infected with viruses and then installs malware under the pretense of removing the infection.

"From here on out, we're going to see [Reveton-like] threats get much more professional looking and sophisticated as cybercriminals refine the scam and up the fear factor," said Kevin Haley, director of Symantec Security Response.

Symantec has noticed that the spread of Reveton (also known as Ransomlock.G) has increased lately in the U.S. and other countries. "It's particularly effective because the attackers behind it are quick to implement the latest exploit kits and social engineering tricks," Haley said.

More than 16 gangs are behind the spread of ransomware, he said. The majority of infections occur when people click on ads featured on adult-oriented websites.

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

Join the CSO newsletter!

Error: Please check your email address.

Tags RevetonapplicationssymantecData Protection | MalwarelegalCitadelsoftwareransomwaredata protectioncybercrime

More about BillCitadelFBISymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts