Reveton 'police ransom' malware gang head arrested in Dubai

Campaign extorted money from countless victims

A Russian man accused of being a key figure behind the notorious Reveton 'police ransom' malware, which blackmailed thousands of PC users across the world, has been arrested in Dubai, Spanish police have announced.

Unpicking exactly what has happened here will be difficult - such gangs are global concerns with multiple outlets - but the arrest could be of major significance.

According to security firm Trend Micro, which said it had collaborated in tracking down the perpetrators, police traced the unnamed man through the gang's payment channel, which was funnelled through Spain.

Payment is the one weakness of ransom malware, which depends on blackmailing its victims into sending money in order to have control of their PCs unlocked and 'returned' to them.

Reveton's attack method was to convince infected users that they had been detected as having committed a non-existent computer crime and that they should pay a fine to a police force localised to the victim's home country.

Failure to do so would render the PC unusable or make it impossible to access files bar the ability to open a web browser in order to pay the ransom.

Payment was accepted in PaySafeCard and UKash vouchers, which were, Trend said, laundered into real cash before being forwarded to the arrested man's gang.

Police said the Spanish operation netted one million euros per year, likely only a fraction of what was being made globally. A further ten people associated with the operation were also picked up, including Ukrainians, Russians and Georgians, police said.

"These arrests are a tremendous result from the ongoing work and collaboration between the Spanish police and Trend Micro's eCrimes unit which works extensively and collaboratively with law enforcement authorities across the globe," said Trend Micro.

The exact number of victims will likely never be known - and new victims are still being claimed by Reveton even now - but must run to hundreds of thousands at a minimum.

In August, the FBI warned US consumers about Reveton after being "inundated" with reports of infections.

Ransom malware has grown into a major headache for police forces, partly because it has affected the SME sector especially badly, sometimes in conjunction with targeted attacks on small businesses, including one small Australian medical centre that had its entire database encrypted.

Exactly how many crime hubs are using the ransom technique is hard to know; Reveton is certainly not the only such campaign out there. A recent Symantec report estimated the profits from ransom attacks as being huge.

The arrests are unlikely to do more than dent Reveton, let alone ransomware in general.

"Before we all start celebrating, it must be said that in our opinion, based on our research of the Police Virus [Reveton], there is more than one group behind the attacks," commented Luis Corrons of antivirus firm Panda Security.

"We've reached this conclusion after having studied multiple variants of this malware over time and having detected numerous striking differences among them."


Stories by John E Dunn
