Reveton 'police ransom' malware gang head arrested in Dubai

Campaign extorted money from countless victims

A Russian man accused of being a key figure behind the notorious and hugely profitable Reveton 'police ransom' malware, which blackmailed thousands of PC users across the world, has been arrested in Dubai, Spanish police have announced.

Unpicking exactly what has happened here will be difficult - such gangs are global concerns with multiple outlets - but the arrest could be of major significance.

According to security firm Trend Micro, which said it had collaborated in tracking down the perpetrators, police traced the unnamed man through its payment channel which funnelled through Spain.

Payment is the one weakness of ransom malware, which typically depends on blackmailing its PC victims into sending money in order to have control of their PCs unlocked and 'returned' to them.

Reveton's attack method was to convince infected users that they had been detected as having committed a non-existent computer crime and that they should pay a fine to a police force localised to the victim's home country.

Failure to do so would render the PC unusable or make it impossible to access files, leaving only the ability to open a web browser in order to pay the ransom.

The ransom was accepted in Paysafecard and Ukash vouchers, which were, Trend said, laundered into real cash before being forwarded to the arrested man's gang.

Police said the Spanish operation netted one million euros per year, likely only a fraction of what was being made globally. A further ten people associated with the operation were also picked up, including Ukrainians, Russians and Georgians, police said.

"These arrests are a tremendous result from the ongoing work and collaboration between the Spanish police and Trend Micro's eCrimes unit which works extensively and collaboratively with law enforcement authorities across the globe," said Trend Micro.

The exact number of victims will likely never be known - and new victims are still being claimed by Reveton even now - but must run to hundreds of thousands at a minimum.

In August, the FBI warned US consumers about Reveton after being "inundated" with reports of infections.

Ransom malware has grown into a major headache for police forces, partly because it has affected the SME sector especially badly, sometimes in conjunction with targeted attacks on small businesses, including one small Australian medical centre that had its entire database encrypted.

Exactly how many crime hubs are using the ransom technique is hard to know; Reveton is certainly not the only such campaign out there. A recent Symantec estimate put the profits from ransom attacks as huge.

It is unlikely that the arrests will make more than a dent in either Reveton or ransomware in general.

"Before we all start celebrating, it must be said that in our opinion, based on our research of the Police Virus [Reveton], there is more than one group behind the attacks," commented Luis Corrons of antivirus firm Panda Security.

"We've reached this conclusion after having studied multiple variants of this malware over time and having detected numerous striking differences among them."

Tags: Personal Tech, security
