Question: Case Study - The Reveton Ransomware Attacks

In August 2012, the Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center, was inundated with reports of a new type of cybercrime. Victims across the United States reported that while searching the Internet, their computers locked up, and they received the following message, purportedly from the FBI:

This operating system is locked due to the violation of the federal laws of the United States of America! (Article 1, Section 8, Clause 8; Article 202; Article 210 of the Criminal Code of U.S.A. provides for a deprivation of liberty for four to twelve years.)

The message then accused the victim either of visiting pornography Web sites or of distributing copyrighted content. Victims were told they could unlock their computers and avoid prosecution by paying a fine of $200 within 72 hours of receiving the message. The message came replete with the official FBI logo.

The incident pointed to a steep rise in ransomware attacks. Ransomware is malware that disables a computer or smartphone until the victim pays a fee, or ransom. Unlike other viruses, the Reveton version of ransomware is not activated by opening a file or an attachment. Rather it is an example of drive-by malware, viruses that download automatically when a user visits an infected Web site.

The FBI immediately issued an alert, but within a month, cybersecurity experts had identified 16 variants of the ransomware. These viruses had infected 68,000 unique IP addresses. It is estimated that on an average day, about 170 victims paid the $200 fee and received valid unlock codes. The compromised computers could not be fixed through the installation or updating of antivirus software because the computer was locked. Because so many home PC owners fail to back up their systems regularly, many victims faced losing a significant amount of data. The $200 fee itself was low enough to encourage payment. A visit to a professional IT service to repair the damage could potentially cost the same amount and take more time to resolve. A quick payment through a prepaid money card system, such as MoneyPak, could save the victim a lot of trouble.

The United States was not the first country to be hit by these attacks. In early 2012, criminal gangs targeted France, Germany, and the United Kingdom. Ransomware attacks first broke out in Russia in 2009. Since that time, they have spread to almost every country on the globe, hitting the United States and Japan especially hard. Symantec, an IT security company, estimates that gangs are extorting over $5 million per year from online victims. The rise of ransomware attacks is, no doubt, due in part to their success. In France, for example, almost 4 percent of victims coughed up the ransom money during a non-Reveton scam.

The Reveton ransomware is delivered by the popular Russian-language Citadel malware toolkit. The latest version of Citadel can also grab passwords from Web browsers and change Web sites to trick users into handing over their login information.

In December 2012, the United Kingdom arrested three people they believed were involved in the Reveton ransomware attacks. Finding the perpetrators, however, is unusual and is not the most effective way to combat this crime. Law enforcement agencies and IT security companies have urged the public to take measures to prevent themselves from falling victim to such attacks by keeping software such as Java, Acrobat Reader, Adobe Flash, Windows, and their browser software updated. An early Reveton ransomware attack made use of a vulnerability in a version of Java that had just been patched a month prior. Computer users can also avoid infections by using security software that identifies suspicious Web sites, and by not clicking online ads from dubious companies.

Perhaps, however, the best way to avoid the spread of these attacks is to encourage victims to report the crime and to refuse to comply with the ransom demands.

Question to Consider

2. What can you do to prevent ransomware attacks on your own computer? (Please make it 300 words.)

Source: Dan Goodin, "Mushrooming Ransomware Now Extorts $5 Million a Year," Ars Technica, November 8, 2012, http://arstechnica.com/security/2012/11/mushrooming-growthofransomware-extorts-5-million-a-year; Federal Bureau of Investigation, "New Internet Scam," August 9, 2012, www.fbi.gov/news/stories/2012/august/new-internet-scam; Gavin O'Gorman and Geoff McDonald, "Ransomware: A Growing Menace," Symantec, www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ransomwarea-growing-menace.pdf; "Inside a Reveton Ransomware Operation," KrebsOnSecurity, August 12, 2012, http://krebsonsecurity.com/2012/08/inside-a-reveton-ransomware-operation; Matthew J. Schwartz, "Ransomware Pays: FBI Updates Reveton Malware Warning," InformationWeek, December 3, 2012, www.informationweek.com/security/vulnerabilities/ransomware-pays-fbi-updates-reveton-malw/240143047; "Trio Arrested in Staffordshire over Ransomware Scam," BBC News Technology, December 14, 2012, www.bbc.co.uk/news/technology-20724810; Andrew Brandt, "Ransomware Debuts New Java Exploit, Sends Victims Running for MoneyPak Cards," Solera Networks Labs, July 10, 2012, www.soleranetworks.com/blogs/ransomwaredebuts-new-java-exploit-sends-victims-running-for-moneypak-cards.
