REVETON Ransomware Spreads with Old Tactics, New Infection Method

From Botnets.fr

Botnet: Reveton
Date: 2014 / 2014-12-11
Editor/Conference: Trend Labs
Link: http://blog.trendmicro.com/trendlabs-security-intelligence/reveton-ransomware-spreads-with-old-tactics-new-infection-method/
Author: Alvin Bacani, David Sancho, Jamz Yaneza
Type: Blogpost

Abstract

Similar to older REVETON or police ransomware variants, the recent wave of REVETON malware variants detected as TROJ_REVETON.SM4 and TROJ_REVETON.SM6 are both equipped with the capability to lock the screen of the affected users’ systems.

Its behavior rings similar to previous REVETON variants, which threaten users that they need to pay their local police a fine. In these new samples, the REVETON malware displays “warning” messages from the Homeland Security National Cyber Security Division and the ICE Cyber Crime Center informing users that their computer has been blocked for the reason that “the work of your (the user’s) computer has been suspended on the grounds of unauthorized cyber activity.”

Bibtex

 @misc{2014BFR339,
   editor = {Trend Labs},
   author = {Alvin Bacani and David Sancho and Jamz Yaneza},
   title = {REVETON Ransomware Spreads with Old Tactics, New Infection Method},
   date = {11},
   month = Dec,
   year = {2014},
   howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/reveton-ransomware-spreads-with-old-tactics-new-infection-method/}},
 }