WASHINGTON (12/3/12)--Cybercriminals using the Citadel malware platform to deliver Reveton ransomware are deploying a new extortion technique. The most recent version of the ransomware uses the name of the Internet Crime Complaint Center (IC3) to frighten victims into sending money to the perpetrators.
Besides creating a fear of prosecution, the malware claims the user's computer activity is being recorded with audio, video and other devices, IC3 said. IC3 is an interagency website that tracks cybercrimes and frauds.
The malware lures the victim to a drive-by download website and installs the ransomware on the user's computer. Once the ransomware is installed, the computer freezes and a screen displays a warning that the user has violated U.S. federal law. The message declares that a law enforcement agency has determined that a computer using the victim's Internet provider address has accessed child pornography and other illegal content.
To unlock the computer, the user is instructed to pay a fine with prepaid money card services. The geographic location of the user's personal computer determines what payment services are offered. In addition to installing the ransomware, the Citadel malware continues to operate on the compromised computer and can commit online banking and credit card fraud.
"This is not a legitimate communication from the IC3, but rather is an attempt to extort money from the victim," said IC3's website. Users receiving such messages or something similar should not follow the payment instructions.
Instead, IC3 suggested they should:
- File a complaint at www.IC3.gov;
- Keep operating systems and legitimate antivirus and antispyware software updated; and
- Contact a reputable computer expert to assist with removing the malware.