In a recent intelligence note, The Internet Crime Complaint Center (IC3) warned that the Citadel malware platform, which delivers Reveton ransomware, is now using a fake IC3 alert to extort money from victims.
"The message ... declares that a law enforcement agency has determined that a computer using the victim's IP address has accessed child pornography and other illegal content," the intelligence note states. "To unlock the computer, the user is instructed to pay a fine using prepaid money card services."
"The new variant of the ransomware works in much of the same way as previous versions, except that this time, instead of the FBI, the message appears like it's coming from IC3," writes SC Magazine's Dan Kaplan.
"The ransomware can be removed without paying the 'fine,' but users are advised to check their systems for the Citadel malware, too, as their personal, financial and login information can be collected and used by cyber crooks to execute identity theft and credit card fraud," writes Help Net Security's Zeljka Zorz.
"Citadel is a constantly evolving malware platform," writes Threatpost's Michael Mimoso. "In October, its authors [updated] the malware with a dynamic configuration module that allows them to inject code directly into compromised browsers in real time. This new feature lessens the chance that the malware would be detected by security software since this would eliminate the need for update configuration files to be sent to each bot."