Reveton impersonates FBI, claims to record users’ illegal activities

The deadly combination of the Citadel malware and the Reveton ransomware is still widely used to steal information and money from uninformed users, the Internet Crime Complaint Center (IC3) warns.

The Citadel malware – a banking Trojan that is based on Zeus Trojan’s source code and whose creators have adopted a Software-as-a-Service approach when it comes to the modifications of the crimeware kit that produces its variants – lures users to websites that deliver Reveton via drive-by download.

Once the ransomware is installed, it freezes the victims’ computer and shows a message supposedly coming from the IC3:

The message claims that the users’ computer has been blocked because they “violated U.S. Federal Law” by accessing illegal content such as child pornography.

The criminals behind the scheme try to create a sense of urgency and danger in order to make users act rashly, so the message also claims that the users’ computer activity is being recorded using audio, video, and other devices.

To make the accusations go away and to unlock their computer, the victims are urged to pay a fine using prepaid money card services such as MoneyPak, Ukash, and others.

“This is not a legitimate communication from the IC3, but rather is an attempt to extort money from the victim. If you have received this or something similar do not follow payment instruction,” the IC3 warns.

The ransomware can be removed without paying the “fine”, but users are advised to check their systems for the Citadel malware, too, as their personal, financial and login information can be collected and used by cyber crooks to execute identity theft and credit card fraud.

Don't miss