Police-themed ransomware speaks to victims -- literally
New variant of Reveton ransomware uses localized voice messages to trick victims into paying rogue fines
IDG News Service - A new variant of a Trojan program called Reveton that prevents victims from using their computers and displays rogue messages from law enforcement agencies is using localized voice messages to trick victims into paying made-up fines, according to researchers from antivirus vendor Trend Micro.
"Detected as TROJ_REVETON.HM, it locks the infected system but instead of just showing a message, it now urges users to pay verbally," Ivan Macalintal, threat research manager at Trend Micro, said Monday in a blog post. "The user won't need a translator to understand what the malware is saying -- it speaks the language of the country where the victim is located."
Reveton is part of a category of malicious programs called ransomware that block certain OS features or encrypt personal files and ask victims for money in order to return their system to normal.
This particular Trojan program is also known as the "police ransomware" because it displays fake alerts purporting to come from law enforcement agencies in various countries and instruct victims to pay a fine for allegedly accessing or storing illegal content on their computers.
Reveton determines the country where the infected computer is located and displays a message in that country's national language purporting to come from a local law enforcement agency. It first appeared in 2011 and spread throughout Western Europe infecting computers in Germany, Spain, France, Austria, Belgium, Italy, the U.K and other countries.
The first variants targeting U.S. and Canadian computer users appeared in May 2012. At the end of November, the Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), issued an alert that Reveton was being distributed by the Citadel banking Trojan program and was using IC3's name in its rogue alerts.
"There has been the occasional instance of malware with sound effects," David Harley, a senior research fellow at antivirus vendor ESET, said Monday via email. However, "malware with a regionalized, quasi-personalized voice message is new on me," he said.
Harley hasn't yet heard the voice messages played by this particular Reveton variant, but he believes if they are implemented effectively -- for example, English messages claiming to be from the FBI don't have a heavy Eastern European accent -- some people are likely to find them intimidating.
The malware's novel voice feature might make the scam marginally more convincing to some users, Harley said. However, it's unlikely that it would manage to persuade people who would be reasonably cautions about such scams, he said.
According to a recent report from security vendor Symantec, there are as many as 16 distinct families of ransomware, each controlled by individual cybercriminal gangs. An investigation into a command and control server used in one ransomware operation that resulted in 68,000 infected computers in October, revealed that as many as 3 percent of the victims might have paid the amount asked by the cybercriminals, possibly earning them as much as US$394,000 that month.
Harley advised people whose computers were infected by ransomware not to pay up. There is no guarantee that the criminals will unlock the system, he said. "In many cases where ransomware has taken hold, the crook has just taken payment and moved on without offering any help."
The best option is to call the help desk of your antivirus vendor, because they can hopefully pin down the exact variant and advise you on how to remove it, he said.
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts