Another law enforcement group co-opted in extortion scheme

A cybercrime group has raised the scare tactics used in an increasingly sophisticated Trojan-ransomware combo to frighten victims into paying a bogus fine to unlock their computers.

The latest iteration of Citadel malware and Reveton ransomware uses the name of the Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center, in a warning that claims victims have violated federal laws. In a new twist, the ransomware claims victims' computer activity is being recorded.

The scheme begins with luring a person to a website hosting the malware. Once Reveton is installed, it locks up the victim's computer and displays a screen saying the FBI has found that the computer's IP address has been used to access child pornography and other illicit content.

The ransomware uses the IC3 name to frighten people into paying a fine through prepaid money card services, the FBI said. The malware uses the victim's geographical location to direct the victim to a particular payment service.

"In addition to instilling a fear of prosecution, this version of the malware also claims that the user's computer activity is being recorded using audio, video, and other devices," the FBI said in a statement.

The scheme also involves installation of Citadel, which waits in the background to steal online banking credentials and credit-card numbers.

Criminals have used the Reveton-Citadel combo before. In August, the pair was used in a scheme that co-opted the name of the FBI to frighten victims, the agency said. The FBI first learned of the malware in 2011.

Symantec recently predicted that ransomware such as Reveton would surpass fake antivirus in 2013 as the biggest online scam. Fake AV scams typically warn visitors to a malicious website that their computers are infected with viruses and then install malware under the pretense of removing the infection.

"From here on out, we're going to see [Reveton-like] threats get much more professional looking and sophisticated as cybercriminals refine the scam and up the fear factor," said Kevin Haley, director of Symantec Security Response.

Symantec has noticed that the spread of Reveton (also known as Ransomlock.G) has increased lately in the U.S. and other countries. "It's particularly effective because the attackers behind it are quick to implement the latest exploit kits and social engineering tricks," Haley said.

More than 16 gangs are behind the spread of ransomware, he said. The majority of infections occur when people click on ads featured on adult-oriented websites.

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn, or contain and recover.

  4. Pre-distribute call cards.

  5. Capture forensic and incident response data.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement.

  8. Practice makes perfect.
