New ransomware called Reveton, which claims to come from the U.S. Department of Justice, locks the computer and displays a warning screen stating that the computer's IP address has been detected accessing child pornography sites.
The malware, built on the Citadel malware platform, then demands a $100 "fine" and instructs the victim on how to make the payment in order to unlock the computer, said officials from security firm Trusteer.
The threat works on several levels. Quite a few users are literate enough to know that IP monitoring is not infallible, so they conclude the accusation must be a mistake. They are also aware that law enforcement is becoming increasingly aggressive in its Internet policing. Either way, the easiest way out appears to be to simply pay the "fine" and make it all go away.
Needless to say, it doesn’t just go away. “Citadel continues to operate on the compromised machine on its own,” Trusteer said. “Therefore it can be used by fraudsters to commit online banking and credit card fraud by enabling the platform’s man-in-the-browser, key-logging and other malicious techniques.”
The best solution is not to suffer the infection in the first place. The malware payload is delivered via a drive-by download. "The attack begins with the victim being lured to a drive-by download website," Trusteer said. "Here a dropper installs the Citadel malware on the target machine which retrieves the ransomware DLL from its command and control server."
Once infected, the user should never pay the fine, and should instead seek professional help to remove the malware; paying unlocks nothing and leaves Citadel in place.