A new variant of the Citadel malware, called Reveton, is behind a ransomware campaign that poses as the US Department of Justice (DoJ) and attempts to extort $100 from each victim.

The infections occur after users are lured to a drive-by download site, where a dropper installs the Citadel malware. According to the Trusteer report, Citadel then downloads Reveton’s ransomware DLL from Citadel’s command and control server.

The Citadel strain locks down its host computer and displays a fake warning claiming that the Computer Crime and Intellectual Property Section of the US DoJ has identified the machine as having visited websites containing child pornography or other illegal content, in violation of US federal law. To unlock the machine, users are told to pay a $100 “fine” to the DoJ.

Trusteer reports that the Citadel malware, of which Reveton is a strain, is a descendant of the notorious Zeus malware.

Trusteer is also reporting that, in addition to delivering the Reveton scareware payload, Citadel itself continues to operate on the infected machine. The criminals responsible could therefore enable Citadel’s man-in-the-browser, key-logging, or other malicious capabilities to commit banking or credit card fraud, or even target employees to steal enterprise credentials.

Masquerading as law enforcement and extorting victims with fake threats is an increasingly common tactic among cyber-thieves. There were two cases in late 2011 in which ransomware either posed as a law enforcement warning or threatened to report child pornography that was “found” on a user’s infected machine. More recently, a scareware campaign attempted to convince users that they were being sued for violating the controversial Stop Online Piracy Act (SOPA), which was never signed into law.

Categories: Malware

Comments (4)

  1. Anonymous

    Will AG Holder prosecute those responsible for this malware? Or will he be feckless and do nothing about it?

  2. Anonymous

    nope.  he’s not interested in actually protecting internet users.  only in ushering in the means by which to prevent social news from spreading like wildfire and being used to promote “alternate” doctrines.  ie revolutionary ideas, protest info, social awareness of social unrest.

  3. Anonymous

    This just happened to my computer at work!! Anyone know how to unlock and get rid of this?


    thank you

  4. Shelley

    I opened in safe mode then as soon as my screen came on quickly started my virus scan. It seems like it took this FBI thing awhile to start so if you go quickly you’re ok. I’m not a techy but I’m not “locked up” anymore. How do we get rid of Citadel that’s still lurking in my pc? Good Luck.
