Imagine browsing around Facebook, your favorite retail site, maybe a new shopping site – and suddenly, your computer locks up. What now? It’s called a “drive-by” virus and it’s running rampant on the internet. It’s relatively new, but it’s more than pesky and the damages can be serious. It carries a dire message and, if the FBI can catch the criminals, it also carries a fine. These types of viruses are known as “ransomware”: they not only lock your computer, but also demand that you make a payment, via your credit card, to remove them.
“We’re getting inundated with complaints,” said Donna Gregory of the Internet Crime Complaint Center (IC3), referring to the specific virus known as “Reveton” ransomware, which is designed to extort money from its victims. It is described as drive-by malware because, unlike many viruses, which activate when users open a file or attachment, this one can install itself when users simply click on a compromised website. Once infected, the victim’s computer immediately locks, and the monitor displays a screen stating there has been a violation of federal law, says the FBI.
The message continues by claiming you’ve hit a website identified by the FBI or the Justice Department’s Computer Crime and Intellectual Property Section as being associated with child pornography or a host of other illegal online activities. The message says that, to unlock your machine, you will be required to pay a fine using your credit card or a prepaid money debit card. Worse, there are folks who pay the fines, says Gregory.
Donna Gregory oversees a team of cyber crime subject matter experts that was established in 2000 as part of an agreement between the FBI and the National White Collar Crime Center. The goal is to make it easy and safe to report cyber crimes while providing law enforcement and regulatory agencies with a central referral system for complaints.
In one instance, a victim told the FBI,
“While browsing the Internet a window popped up with no way to close it. The window was labeled FBI and said I was in violation of one of the following: illegal use of downloaded media, under-age porn viewing, or computer-use negligence. It listed fines and penalties for each and directed me to pay $200 via a MoneyPak order. Instructions were given on how to load the card and make the payment. The page said if the demands were not met, criminal charges would be filed and my computer would remain locked on that screen.”
The Reveton virus, used by hackers in conjunction with Citadel malware (a software delivery platform that can disseminate various kinds of computer viruses), was first brought to the attention of the FBI in 2011. A warning was issued then, and since that time this particular virus has quickly become widespread both here and on an international level. A secondary concern is what happens once a user actually uses his credit card to “pay the ransom.” Some variants of Reveton can even turn on computer webcams and display the victim’s picture on the frozen screen.
“We are getting dozens of complaints every day,” Gregory said, noting that there is no easy fix if your computer becomes infected. “Unlike other viruses,” she explained,
“Reveton freezes your computer and stops it in its tracks. And the average user will not be able to easily remove the malware.”
Make no mistake: This is an attempt to extort money with the additional possibility of the victim’s computer being used to participate in online bank fraud. If you have received this or something similar, under no circumstances should you follow payment instructions.
Meanwhile, recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting international travelers through pop-up windows while they are establishing an Internet connection in their hotel rooms. Their computers are being infected while using these hotel Internet connections. In most instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available. From there, information such as user names, passwords and even credit card information is easily stolen.
The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products through their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor’s website if updates are necessary while abroad.
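One way to carry out the certificate check recommended above on a Windows laptop, as an added example that is not part of the original article or FBI guidance. The function name `Test-UpdateSigner`, the sample file path and the publisher name are hypothetical.

```powershell
# Added example. The installer path and publisher name in the sample call
# are hypothetical; substitute the file you were prompted to run.
function Test-UpdateSigner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Reads the embedded Authenticode signature; a status of Valid means the
    # file hash matches and the certificate chains to a trusted root.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # Common name (CN) of the signing certificate, or $null if unsigned.
    $signer = if ($cert) {
        $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
            $false)
    } else { $null }

    # Exact, case-sensitive match: a look-alike publisher name must not pass.
    $reason = if ($sig.Status -ne 'Valid') {
        "Signature status is $($sig.Status)"
    } elseif ($signer -cne $ExpectedPublisher) {
        "Signed by '$signer', expected '$ExpectedPublisher'"
    } else { 'Signature valid and publisher matches' }

    [pscustomobject]@{
        File       = $Path
        Status     = $sig.Status
        Signer     = $signer
        Issuer     = if ($cert) { $cert.Issuer } else { $null }
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        Trusted    = ($sig.Status -eq 'Valid' -and $signer -ceq $ExpectedPublisher)
        Reason     = $reason
    }
}

# Sample call (hypothetical file and publisher):
# Test-UpdateSigner -Path "$env:USERPROFILE\Downloads\update_setup.exe" `
#                   -ExpectedPublisher 'Example Software Inc.'
```

A result of `NotSigned`, `HashMismatch` or `NotTrusted`, or a valid signature from a publisher other than the expected vendor, is the mismatch the advisory says may reveal an attempted attack.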
If you do become a victim of Reveton or any other similar crime, the FBI recommends:
Do not pay any money or provide any personal information such as your credit card number or banking information.
Contact a computer professional to remove Reveton and Citadel from your computer.
Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
You can file a complaint and look for updates about the Reveton virus on the FBI website at fbi.gov.