Ransomware Locks Computers, Demands Payment

There’s been a nasty virus that’s come into to town and the FBI wants you to be aware of it.

The Reveton virus, used by hackers in conjunction with Citadel malware—a software delivery platform that can disseminate various kinds of computer viruses—first came to the attention of the FBI in 2011.

What’s so bad about this new virus?

Reveton is described as drive-by malware because unlike many viruses—which activate when users open a file or attachment—this one can install itself when users simply click on a compromised website. Once infected, the victim’s computer immediately locks, and the monitor displays a screen stating there has been a violation of federal law.

I came across news of it today through one of my organizations, ChurchIT Roundatable (which seems to verify that is is indeed spreading according to FBI’s partner site IC3’s Donna Gregory) ,  from a member posting that one of his clients now had a compromised laptop as a result.  Nice, right.  So I decided to do some investigation of my own.

If you search Google for “FBI virus“, you’ll get the FBI site right up there at the top.  In fact, the quotes above come from them.  Later on the page, there are a various tech forum posts and a YouTube describing how you can remove this virus. MacAfee is one of the leaders – which makes me wonder just how good a security system they produce.  But it seems this one can get through MSSE, too.  And if you are interested in the nuts and bolts of how this works,  here’s as good as explanation as to how that can happen with malware.  The botton line: If you don’t keep up with all your security updates, there’s going to be an exploitable hole somewhere in some layer no matter how good a system you have.  Nothing is 100%!  So to recap: this thing is bad because 1) it can get through even if you have a security system running and 2) Its spreading – you can pick it up off

But Hey! What About Google Chrome’s Phishing and Malware Protection feature?

There are some things you can do to protect yourself.  First off, make sure the security features are turned on in your browser.

If you are running IE8 or IE 9, follow these steps:

  1. Make sure you have your SmartScreenFilter turned on.
  2. IE8 users will find this, under the Safety menu, IE9 users will fine it under Tools menu.

If you are surfing with Google Chrome follow these steps:

  1. Open Google Chrome
  2. Click on the Wrench icon located on top right corner of the browser.
  3. Select Settings from the drop-down list.
  4. Click on Under the Hood from the left panel.
  5. Mark the Enable phishing and malware protection under Privacy settings.

If you are running FireFox follow these steps:

  1. Open FireFox
  2. Click on Tools >> Options>> Security
  3. Make sure the following are checked:
    • Warn me when sites try to install add-ons
    • Block reported attack sites
    • Block reported web forgeries

So what can you do if you are infected?

The IC3 or The Internet  Crime Complaint Center recommends the following:

  • Do not pay any money or provide any personal information.
  • Contact a computer professional to remove Reveton and Citadel from your computer.
  • Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
  • File a complaint and look for updates about the Reveton virus on the IC3 website.
  • If you want to attempt removal yourself, see the links above but be aware there may be a cost involved or that you may not know for sure that you are completely clean.

Source: FBI – New Internet Scam

Speak Your Mind

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.