Citadel Malware Delivers Reveton Ransomware to Extort Money

Thursday, May 31, 2012


The IC3 has been made aware of a new Citadel malware platform used to deliver ransomware, named Reveton.

The ransomware lures the victim to a drive-by download website, at which time the ransomware is installed on the user's computer.

Once installed, the computer freezes and a screen is displayed warning the user they have violated United States Federal Law.

The message further declares the user's IP address was identified by the Computer Crime & Intellectual Property Section as visiting child pornography and other illegal content.

To unlock their computer the user is instructed to pay a $100 fine to the US Department of Justice, using prepaid money card services. The geographic location of the user's IP address determines what payment services are offered.

In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud. Below is a screenshot of the warning screen.

Reveton warning screen

This is an attempt to extort money with the additional possibility of the victim’s computer being used to participate in online bank fraud. If you have received this or something similar do not follow payment instructions.

It is suggested that you:

  • Contact your banking institutions.
  • File a complaint at www.IC3.gov.

Source:  http://www.ic3.gov/media/2012/120530.aspx
