There's a new piece of malware that's been in the news recently and this is one you need to be warned about. Referred to as either "Citadel malware" or "Reveton ransomware", this nasty piece of work actually threatens you with possible prison time if you don't send the creator money.
While that might seem a bit ludicrous when you hear it like that, the actual splash screen of the malware claims to be an alert from the FBI. A lot of people have been hit by it, and the FBI has issued a statement advising people not to fall for the scam.
If you become infected with the ransomware, a popup appears on your screen as the software locks your computer. The popup informs you that child pornography or other illegal material has been detected on your hard drive and that you have anywhere from 2 to 72 hours to pay a $100 to $250 fine to remove the lock; if you don't pay, the screen informs you that the illegal material will be sent to the FBI's forensic team or other authorities for processing. Often there is no way to use your account on the computer while this lock screen is in place, and some versions of the software take control of your webcam while the screen is up as well.
The worst part about this scam is that the malware is installed in a "drive-by" attack, meaning that you don't even have to download or run anything to become infected. Visiting infected websites causes the ransomware program to download automatically with no notification, installing in the background and then launching once it's installed. You might even get redirected to one of these sites if you get other malware installed on your system, giving you two infections to deal with instead of just one.
When the Reverton ransomware program is installed it tends to interfere with antivirus functions, ensuring that your existing antivirus won't be able to take care of the problem. I'm sure that it's only a matter of time before antivirus manufacturers patch this problem and your antivirus can take care of the infection as soon as it happens, but even if they do there's a chance that an updated version will be released as we've seen happen so many times before.
There's a pretty good guide to the ransomware over at BotCrawl, including pictures of some of the pop-up screens, what to do if you're infected and how to manually remove the infection yourself. It's long, but it's well worth the read to keep yourself safe.
With National Cyber Security Awareness Month just a couple of weeks away it's important to remember that the people who create malware and ransomware like this are always advancing, and it's up to us to keep up with the latest threats and learn how to evaluate scams like these for what they are. In this case, remember that the FBI would never have a random pop-up appear on your computer and demand that you pay fines using MoneyPak cards or other online payment methods. While it can be frightening to see something like this, it's no different than any other scam that starts to fall apart once you apply reasoning and critical thinking to the demand that they make.
The National Cyber Security Alliance, a coalition of private companies, nonprofits and government organizations created the first-ever coordinated message to help all digital citizens stay safer and more secure online: STOP. THINK. CONNECT
NEWSLETTER SIGN UP
SUBSCRIBE
CONTACT
Although this variant is new, this kind of malware has been around for a while now and people are still falling for it. I have to admit, the lock screen which imitates, FBI, Local police or any other authorities that they disguise themselves as, can look pretty genuine.
Manual removal is highly recommended and even a scan using malware bytes after removal just to make sure the system is clean.