Police-themed ransomware speaks to victims -- literally
New variant of Reveton ransomware uses localized voice messages to trick victims into paying rogue fines
IDG News Service - A new variant of a Trojan program called Reveton that prevents victims from using their computers and displays rogue messages from law enforcement agencies is using localized voice messages to trick victims into paying made-up fines, according to researchers from antivirus vendor Trend Micro.
"Detected as TROJ_REVETON.HM, it locks the infected system but instead of just showing a message, it now urges users to pay verbally," Ivan Macalintal, threat research manager at Trend Micro, said Monday in a blog post. "The user won't need a translator to understand what the malware is saying -- it speaks the language of the country where the victim is located."
Reveton is part of a category of malicious programs called ransomware that block certain OS features or encrypt personal files and ask victims for money in order to return their system to normal.
This particular Trojan program is also known as the "police ransomware" because it displays fake alerts purporting to come from law enforcement agencies in various countries and instruct victims to pay a fine for allegedly accessing or storing illegal content on their computers.
Reveton determines the country where the infected computer is located and displays a message in that country's national language purporting to come from a local law enforcement agency. It first appeared in 2011 and spread throughout Western Europe infecting computers in Germany, Spain, France, Austria, Belgium, Italy, the U.K and other countries.
The first variants targeting U.S. and Canadian computer users appeared in May 2012. At the end of November, the Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), issued an alert that Reveton was being distributed by the Citadel banking Trojan program and was using IC3's name in its rogue alerts.
"There has been the occasional instance of malware with sound effects," David Harley, a senior research fellow at antivirus vendor ESET, said Monday via email. However, "malware with a regionalized, quasi-personalized voice message is new on me," he said.
Harley hasn't yet heard the voice messages played by this particular Reveton variant, but he believes if they are implemented effectively -- for example, English messages claiming to be from the FBI don't have a heavy Eastern European accent -- some people are likely to find them intimidating.
The malware's novel voice feature might make the scam marginally more convincing to some users, Harley said. However, it's unlikely that it would manage to persuade people who would be reasonably cautions about such scams, he said.
According to a recent report from security vendor Symantec, there are as many as 16 distinct families of ransomware, each controlled by individual cybercriminal gangs. An investigation into a command and control server used in one ransomware operation that resulted in 68,000 infected computers in October, revealed that as many as 3 percent of the victims might have paid the amount asked by the cybercriminals, possibly earning them as much as US$394,000 that month.
Harley advised people whose computers were infected by ransomware not to pay up. There is no guarantee that the criminals will unlock the system, he said. "In many cases where ransomware has taken hold, the crook has just taken payment and moved on without offering any help."
The best option is to call the help desk of your antivirus vendor, because they can hopefully pin down the exact variant and advise you on how to remove it, he said.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- AIIM Trendscape: The New Mobile Reality This AIIM Trendscape report shares data, expert opinions, and a unique perspective on the impact of cloud and mobility in the enterprise, surfacing...
- Empowering Your Mobile Workers A modern mobile IT strategy is no longer an option, it is an absolute necessity. Here's how some of the nation's most progressive...
- Mobile Content, Collaboration & IDC's 3rd IT Platform: The Next Frontier for the Mobile Enterprise IDC focuses this article on talks about the new IT platform. This 3rd IT Platform will be the new wave for about the...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Management White Papers | Webcasts