Ransomware is a new and rapidly emerging type of malware, known for displaying a deceptive message on infected systems that purports to come from a local law enforcement agency, claims to have detected illegal activity, and demands that the user pay a hefty fine. Among popular ransomware threats such as Ukash Virus and FBI Moneypak, one particular threat dubbed Reveton Ransomware is speculated to have come from the infamous hacker group known as Anonymous.
The hacker group Anonymous has made multiple attempts to stir up controversy and has issued vague threats against just about any organization it has some type of grievance with. Essentially, Anonymous is widely known as a hacktivist movement recognized for its fight for freedom of speech, freedom of information and other causes it views as noble.
We have long suspected where the recent influx of ransomware threats originates from. Now, thanks to abuse.ch spotting what seems to be the originator of the Reveton ransomware threat, potentially on the heels of a newer Anonymous Virus Ransomware threat, we are able to ramp up our efforts to trace ransomware back to its origins, at least to a certain extent.
What is Reveton Ransomware?
We first detected Reveton ransomware in August of this year and identified it as Trojan:Win32/Reveton, a malicious Trojan that hijacks a web browser in order to direct the system to certain websites. The redirection through Reveton leads PC users to a deceptive message that appears to have come from the FBI (Federal Bureau of Investigation). The Reveton message identifies the IP address and location of the infected system alongside a strongly-worded statement claiming "Your PC is blocked due to reasons specified below". The scam then asks that a ransom be paid through a Ukash or MoneyPak payment. Several other ransomware threats have used the same basic principle to extort money from unsuspecting computer users.
Ransomware threats are not all that different from the common rogue antispyware application, nor any more difficult to exploit PC users with. This is probably why some security outlets suspect that the Anonymous hacker group is behind the Reveton threat. However, Mikko Hypponen, chief research officer at security firm F-Secure, tweeted about the Reveton ransomware days ago, explaining that "the group behind it wasn't Anonymous."
Why blame Anonymous for Reveton Ransomware?
One could argue that because the Reveton ransomware demands its fine in British pounds, its creator comes from the UK. Although very plausible, it is still impossible to pin down a culprit behind any ransomware threat, mainly because they all use the same basic scam principles. The only differences between the various ransomware threats are which authority each claims to come from and the currency used, both of which are factors pointing to locality.
What we have concluded about ransomware thus far is that, regardless of the logos, currency or even the language used in recent messages, there is no way to know for sure where it originated unless the group responsible comes forward and claims responsibility. We've seen how Anonymous has repeatedly claimed responsibility for many hacking cases, not all of which were true, but which were still plausible. Whomever you blame, ransomware in any form remains a valid and serious scam-laden threat to computer users all around the world.