Police-themed ransomware speaks to victims -- literally
New variant of Reveton ransomware uses localized voice messages to trick victims into paying rogue fines
IDG News Service - A new variant of a Trojan program called Reveton that prevents victims from using their computers and displays rogue messages from law enforcement agencies is using localized voice messages to trick victims into paying made-up fines, according to researchers from antivirus vendor Trend Micro.
"Detected as TROJ_REVETON.HM, it locks the infected system but instead of just showing a message, it now urges users to pay verbally," Ivan Macalintal, threat research manager at Trend Micro, said Monday in a blog post. "The user won't need a translator to understand what the malware is saying -- it speaks the language of the country where the victim is located."
Reveton is part of a category of malicious programs called ransomware that block certain OS features or encrypt personal files and ask victims for money in order to return their system to normal.
This particular Trojan program is also known as the "police ransomware" because it displays fake alerts purporting to come from law enforcement agencies in various countries and instruct victims to pay a fine for allegedly accessing or storing illegal content on their computers.
Reveton determines the country where the infected computer is located and displays a message in that country's national language purporting to come from a local law enforcement agency. It first appeared in 2011 and spread throughout Western Europe infecting computers in Germany, Spain, France, Austria, Belgium, Italy, the U.K and other countries.
The first variants targeting U.S. and Canadian computer users appeared in May 2012. At the end of November, the Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), issued an alert that Reveton was being distributed by the Citadel banking Trojan program and was using IC3's name in its rogue alerts.
"There has been the occasional instance of malware with sound effects," David Harley, a senior research fellow at antivirus vendor ESET, said Monday via email. However, "malware with a regionalized, quasi-personalized voice message is new on me," he said.
Harley hasn't yet heard the voice messages played by this particular Reveton variant, but he believes if they are implemented effectively -- for example, English messages claiming to be from the FBI don't have a heavy Eastern European accent -- some people are likely to find them intimidating.
The malware's novel voice feature might make the scam marginally more convincing to some users, Harley said. However, it's unlikely that it would manage to persuade people who would be reasonably cautions about such scams, he said.
According to a recent report from security vendor Symantec, there are as many as 16 distinct families of ransomware, each controlled by individual cybercriminal gangs. An investigation into a command and control server used in one ransomware operation that resulted in 68,000 infected computers in October, revealed that as many as 3 percent of the victims might have paid the amount asked by the cybercriminals, possibly earning them as much as US$394,000 that month.
Harley advised people whose computers were infected by ransomware not to pay up. There is no guarantee that the criminals will unlock the system, he said. "In many cases where ransomware has taken hold, the crook has just taken payment and moved on without offering any help."
The best option is to call the help desk of your antivirus vendor, because they can hopefully pin down the exact variant and advise you on how to remove it, he said.
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Data Protection eGuide In this eGuide, CSO and sister publications IDG News Service, Computerworld, and CIO pull together news, trend, and how-to articles about the increasingly...
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!