New Warning on Citadel and Reveton Issued

The FBI has issued a new warning on a Citadel and Reveton ransomware campaign
The FBI has issued a new warning on a Citadel and Reveton ransomware campaign

"Ransomware," said this week's alert, "is used to intimidate victims into paying a fine to 'unlock' their computers. The ransomware has been called 'FBI Ransomware' because it frequently uses the FBI’s name including the names of FBI programs such as InfraGard and IC3." In Europe it is often just called the Police Trojan or Police Ransomware.

This latest campaign, however, uses the US Department of Homeland Security's name to extort its ransom. It displays a warning that accuses victims of violating various US laws and locks their computers. "To unlock their computers and avoid legal issues," warns IC3, "victims are told they must pay a $300 fine via a prepaid money card."

Back in February, Europol, Interpol and the Spanish police made a number of arrests of European members of the Reveton gang. It was hoped that this would be a major disruption of Reveton. “Although the arrest does not constitute the entirety of the gang, we can say that this is a significant disruption to the gang's activities,” Trend Micro's Rik Ferguson told Infosecurity. But, he added, “The malware itself is still out there and is used by others."

Similarly, just last month Microsoft and the FBI announced a joint operation that "cut communications between 1462 Citadel botnets and the millions of infected PCs around the world." This too was hoped to be a major disruption, although Microsoft's assistant general counsel at its Digital Crimes Unit, Richard Boskovich, said at the time, "due to Citadel’s size and complexity, we do not expect to fully take out all of the botnets in the world using the Citadel malware."

And, of course, now they're both back. One of the problems is that by the time the user sees the Reveton warning screen, it is already too late: the infection has occurred. At this point, IC3 recommends that a victim should "contact a reputable computer expert to assist with removing the malware," and "file a complaint at"

But the better solution is to avoid infection in the first place. "Keep operating systems and legitimate antivirus and antispyware software updated," says IC3.

What’s hot on Infosecurity Magazine?