Extortionists upgrade Reveton ransomware

Cyber criminals behind the global 'Reveton' ransomware campaign have been forced to upgrade their scheme as their favoured debit card is removed from the market.

Reveton causes the computers of infected users to lock onto a notice purportedly from local law enforcement, which demands money before the device can be unlocked.

New samples of the Reveton ransomware discovered today sport refreshed lock screens, and demand new payment methods.

Security researcher Kafeine noted the upgrade and believes it has been triggered by pre-paid debit card vendor Green Dot's recent decision to stop selling the MoneyPak card.

MoneyPak cards had been popular with online criminals, and were used by the Reveton blackmailers over the past years.

The Reveton criminals now demand payment with Ukash and Paysafe cards, which are available in convenience stores.

The Reveton lock screen for Australia. Source: Kafeine

In Australia, the Reveton lock screen threatens users with prison time and large fines for accessing illegal pornography.

The threat says the user's browser has been "blocked up for safety reasons" and all files are encrypted by the Australian Federal Police. To unlock the computer, users are asked to pay an A$100 ransom.

At this stage, no further analysis has been done on the Reveton ransomware itself to see if too has been refreshed.

The ransomware has been around since 2010-2011 and is in active development. In August last year, the criminals behind Reveton upgraded the ransomware with the Pony Stealer module that captures user credentials from applications, German internet banking sites and many applications.

Reveton can be removed with anti-virus software or through manual deletion of malicious files, with no ransom paid.