Trusteer Warns of New Ransomware Variant


Trusteer researchers are warning of a new use of the Citadel malware platform to deliver ransomware known as Reveton, which tries to trick its victims into paying $100 to unlock their computers.

"The infections are occurring after users are lured to a drive-by download site where a dropper installs the Citadel malware, which, according to the Trusteer report, uploads Reveton's ransomware DLL from Citadel's command and control server," writes Threatpost's Brian Donohue. "The Citadel strain locks down its host computer, displaying a fake message warning users that their computer has been identified by the Computer Crime and Intellectual Property Section of the US DoJ for having visited websites containing child pornography or other illegal content, and thus, violating US federal law. In order to unlock their machines, users are prompted to pay a $100 fine to the DoJ."

Regardless of the user's action, the Citadel malware continues to operate on the infected machine, enabling its operators to commit online banking and credit card fraud.

"It is clear from this and similar attacks we have discovered recently that financial malware has achieved a technological level of sophistication which enables it to be used to carry out virtually any type of cyber-attack," writes Trusteer's Amit Klein. "Through a combination of social engineering, data capturing and communication tampering these attacks are being used by criminals to target applications, systems and networks belonging to financial institutions, enterprises, and government agencies in order to commit fraud or steal sensitive information. We have to recognize that cyber-crime and cyber-security protection begins with the endpoint now more than ever."