FBI: Beware of Ransomware Virus
There is a new “drive-by” virus on the Internet, and it often carries a fake message purportedly from the Federal Bureau of Investigation.
“We’re getting inundated with
complaints,” said Donna Gregory of the Internet Crime Complaint Center
(IC3), referring to the virus known as Reveton ransomware, which is
designed to extort money from its victims.
Reveton is described as drive-by malware
because unlike many viruses—which activate when users open a file or
attachment—this one can install itself when users simply click on a
compromised website. Once infected, the victim’s computer immediately
locks, and the monitor displays a screen stating there has been a
violation of federal law.
The bogus message goes on to say that the
user’s Internet address was identified by the FBI or the Department of
Justice’s Computer Crime and Intellectual Property Section as having
been associated with child pornography sites or other illegal online
activity. To unlock their machines, users are required to pay a fine
using a prepaid money card service.
“Some people have actually paid the
so-called fine,” said the IC3’s Gregory, who oversees a team of cyber
crime subject matter experts. (The IC3 was established in 2000 as a
partnership between the FBI and the National White Collar Crime Center.
It gives victims an easy way to report cyber crimes and provides law
enforcement and regulatory agencies with a central referral system for
complaints.)
“While browsing the Internet a window
popped up with no way to close it,” one Reveton victim recently wrote to
the IC3. “The window was labeled FBI and said I was in violation of one
of the following: illegal use of downloaded media, under-age porn
viewing, or computer-use negligence. It listed fines and penalties for
each and directed me to pay $200 via a MoneyPak order. Instructions were
given on how to load the card and make the payment. The page said if
the demands were not met, criminal charges would be filed and my
computer would remain locked on that screen.”
The Reveton virus, used by hackers in
conjunction with Citadel malware—a software delivery platform that can
disseminate various kinds of computer viruses—first came to the
attention of the FBI in 2011. The IC3 issued a warning on its
website in May 2012. Since that time, the virus has become more
widespread in the United States and internationally. Some variants of
Reveton can even turn on computer webcams and display the victim’s
picture on the frozen screen.
“We are getting dozens of complaints every
day,” Gregory said, noting that there is no easy fix if your computer
becomes infected. “Unlike other viruses,” she explained, “Reveton
freezes your computer and stops it in its tracks. And the average user
will not be able to easily remove the malware.”
The IC3 suggests the following if you become a victim of the Reveton virus:
- Do not pay any money or provide any personal information.
- Contact a computer professional to remove Reveton and Citadel from your computer.
- Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
- File a complaint and look for updates about the Reveton virus on the IC3 website.