IC3 Issues Extortion Scam Alert for Reveton Ransomware Distributed by Citadel Malware

A scam alert through the FBI's Internet Crime Complaint Center (IC3) was issued just a few days ago as a response to their findings on an antagonistic email spam campaign. The spam messages were a result of using a combination of new ransomware-type threat used to extort money from computer users responding to the email and Citadel Trojan malware.

Ransomware threats, usually in the form of a misconceived message or pop-up attempting to relay a message to PC users of a local agency detecting illegal activity, is a relatively new type of malware that has been immensely successful with extorting money from unsuspecting computer users. The Internet Crime Complaint Center has taken it upon themselves to alert the Internet public of this new type of extortion technique, which is deployed by hackers using the Citadel malware platform to deliver Reveton ransomware threats. In some instances of the spam message attack, a malicious link redirects users to sites delivering a drive-by-download website to install ransomware onto the victims PC.

Reveton ransomware is a particular string of malware that has resorted to using many different variations of ransomware messages. These particular Reventon ransomware messages have evolved over the past few months from impersonating FBI website messages to exploiting popularized Java Blackhole kit to push newer variants. In such cases, we have even witnessed variations of other Ransomware threats impersonating local police force agencies such in the case of FBI Moneypak Ransomware and even commonplace operating systems with the belligerently placed Windows Genuine Advantage Ransomware. Most times, a computer infected with Ransomware will freeze up followed by the actual ransom notification where the message claims of unlocking the system by means of a fine being paid through legitimate online e-payment systems, such as Moneypak, Paysafecard or Ukash.

The claims that most of Reveton ransomware threat messages have made over the past couple of months are those of detecting a computer user's activity through the recording of video, audio and other devices. Additionally, these threats will claim that the victim's IP address has accessed child porn and other illegal content. This is a common trait we have found through most recently detected ransomware. The Citadel malware, responsible for employing this new spamming campaign, was known for conducting online banking and credit card fraud from compromised computers. The particular spamming campaign spreading the Reveton ransomware threat reportedly comes about from an email claiming to be directly from the IC3. The IC3 has responded through an announcement on their site stating "This is not a legitimate communication from the IC3, but rather is an attempt to extort money from the victim. If you have received this or something similar do not follow payment instruction."

The perpetrators behind this new-found malware creation, or what we now call ransomware, have broken out of the traditional sense of using familiar techniques to extort money from computer users. It is evident in witnessing such stern warnings from organizations like the FBI's Internet Crime Complaint Center that ransomware is a quickly growing menace. The future outlook on the war against ransomware looks bleak considering how hackers are utilizing old and new tools to assist them with their exploitation of such threats.

The IC3 has suggested that computer users encountering this threat or spam message do the following:

• File a complaint at www.IC3.gov.
• Keep operating systems and legitimate antivirus and antispyware software updated.
• Contact a reputable computer expert to assist with removing the malware.