While all versions of Reveton demand payments to unlock a victim's computer, the newest version guarantees a profit regardless of whether or not the victim pays the ransom, by using the infected PC to mine for bitcoins.
Upon installation, the malware connects to a command and control server to provide updates on Bitcoin mining operations. In one sample, the researchers noted a huge increase in mining activity in the late evening, then a slow rise again the following evening.
"Ransomware is most commonly spread via drive-by downloads and Reveton especially has been seen working with some of the most notorious exploit kits available today," writes Malwarebytes malware intelligence lead Adam Kujawa. "Disabling Java Script and keeping all of your plugins and browser as up to date as possible will help deter any attempts for Ransomware to steal your system and maybe even your money."