REVETON Ransomware Spreads with Old Tactics, New Infection Method

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

REVETON Ransomware Spreads with Old Tactics, New Infection Method
Botnet Reveton
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2014 / 2014-12-11
Editor/Conference Trend Labs
Link http://blog.trendmicro.com/trendlabs-security-intelligence/reveton-ransomware-spreads-with-old-tactics-new-infection-method/ (Archive copy)
Author Alvin Bacani, David Sancho, Jamz Yaneza
Type Blogpost

Abstract

Similar to older REVETON or police ransomware variants, the recent wave of REVETON malware variants detected as TROJ_REVETON.SM4 and TROJ_REVETON.SM6 are both equipped with the capability to lock the screen of the affected users’ systems.

Its behavior rings similar to previous REVETON variants, which threaten users that they need to pay their local police a fine. In these new samples, the REVETON malware displays “warning” messages from the Homeland Security National Cyber Security Division and the ICE Cyber Crime Center informing users that their computer has been blocked for the reason that “the work of your (the user’s) computer has been suspended on the grounds of unauthorized cyber activity.”

Bibtex

 @misc{Bacani2014BFR339,
   editor = {Trend Labs},
   author = {Alvin Bacani, David Sancho, Jamz Yaneza},
   title = {REVETON Ransomware Spreads with Old Tactics, New Infection Method},
   date = {11},
   month = Dec,
   year = {2014},
   howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/reveton-ransomware-spreads-with-old-tactics-new-infection-method/}},
 }