prepared by FBI
08/09/12

The Internet Crime Complaint Center (IC3) is getting inundated with complaints about a
virus known as Reveton ransomware, which is designed to extort money from its
victims.

Reveton is described as drive-by malware because
unlike many viruses—which activate when users open a file or attachment—this one
can install itself when users simply click on a compromised website. Once
infected, the victim’s computer immediately locks, and the monitor displays a
screen stating there has been a violation of federal law.

The bogus message goes on to say that the user’s
Internet address was identified by the FBI or the Department of Justice’s
Computer Crime and Intellectual Property Section as having been associated with
child pornography sites or other illegal online activity. To unlock their
machines, users are required to pay a fine using a prepaid money card
service.

“Some people have actually paid the so-called fine,”
said the IC3’s Donna Gregory, who oversees a team of cyber crime subject matter
experts. (The IC3 was established in 2000 as a partnership between the FBI and
the National White Collar Crime Center. It gives victims an easy way to report
cyber crimes and provides law enforcement and regulatory agencies with a central
referral system for complaints.)

“While browsing the Internet a window popped up with
no way to close it,” one Reveton victim recently wrote to the IC3. “The window
was labeled FBI and said I was in violation of one of the following: illegal use
of downloaded media, under-age porn viewing, or computer-use negligence. It
listed fines and penalties for each and directed me to pay $200 via a MoneyPak
order. Instructions were given on how to load the card and make the payment. The
page said if the demands were not met, criminal charges would be filed and my
computer would remain locked on that screen.”

The Reveton virus, used by hackers in conjunction
with Citadel malware—a software delivery platform that can disseminate various
kinds of computer viruses—first came to the attention of the FBI in 2011.
The IC3 issued a warning on its website in May 2012. Since that time, the virus
has become more widespread in the United States and internationally. Some
variants of Reveton can even turn on computer webcams and display the victim’s
picture on the frozen screen.

“We are getting dozens of complaints every day,”
Gregory said, noting that there is no easy fix if your computer becomes
infected. “Unlike other viruses,” she explained, “Reveton freezes your computer
and stops it in its tracks. And the average user will not be able to easily
remove the malware.”

The IC3 suggests the following if you become a
victim of the Reveton virus:
- Do not pay any money or provide any personal
information.
- Contact a computer professional to remove Reveton
and Citadel from your computer.
- Be aware that even if you are able to unfreeze your
computer on your own, the malware may still operate in the background. Certain
types of malware have been known to capture personal information such as user
names, passwords, and credit card numbers through embedded keystroke logging
programs.
- File a complaint and look for updates about the
Reveton virus on the IC3 website.