Ransomware is malicious software that locks you out of your computer or your data, and demands money to let you back in.
One “brand” of ransomware, widely known as Reveton, has been circulating heavily in recent months.
Reveton pretends to be a warning from your country’s national police service, locks you out of your PC, and threatens criminal proceedings within 48 hours – usually for unspecified copyright offences.
Of course, you can bypass the prosecution if you pay a “fine” to the cybercriminals. The amount they extort is typically about $200.
If you run across this sort of malware, it’s tempting just to wear the cost and hope that the crooks live up to their promise of giving your PC back.
We recommend that you don’t do that, so here’s a short video to advise you, and your friends and family, on what to do instead:
Remember: an up-to-date and active anti-virus, combined with prompt software patching to close known holes, makes things much harder for the Bad Guys.
So give yourself the best chance of safety by taking security seriously!
29 comments on “Reveton/FBI ransomware – exposed, explained and eliminated [VIDEO]”
Great video, thanks for explaining. I have just shown this in a presentation to my team.
Very informative. Thanks!
I'm just curious. What happens if you DO pay up? Will they unlock you or just say "sucker!" and leave you locked?
I wouldn't even try it
Since you don't even know who or where "they" are, do you seriously think "they" will do anything except take your money?
Why should they do anything? I was wondering about a Windows PC, any suggestions or are they (we, us) SOL? Good video though!
nice one Dave, thanks for your help.
How is it that the FBI isn't so pissed off about this that they try to find out where the money is going?
Hahaha someone at work had that happen. :p
Not funny!! poor people who pay it!!!!
Where can a person get a bootable CD to do the scan?
Search online, Erik, or go to the Sophos website for theirs. There are downloadable files from them that will create a bootable CD. I believe that most anti-virus programs have a utility for creating a bootable recovery CD; you might check your current software to see if it will.
Don’t pay, because they don’t want your money, they want your payment information; they won’t give your computer back, so you’ll have to take it to a shop anyway, and by the time you do, the crooks will have drained your account or maxed out your card.
You can also make your own from AVG or several other reputable companies online.
AVG ? Norton is way better in my opinion.
Check this out – real good imputed security advice
Norton? Seriously…. Microsoft Essentials would be better than that.
Norton is garbage, so is Mca****
Norton Power Eraser is pretty good at getting rid of ransomware and heavy malware infections. That and the Norton Removal Tools are the best 2 applications they make 😛
So what happens if you just leave your computer alone for 3 days and don't pay anything?
Anyone dumb enough to use Window$ deserves a fine.
Ubuntu Linux, no viruses, no malware, no pricetag.
In the video they used a Sophos Linux removal tool. Anyone anal enough to use a cumbersome OS like Linux deserves a virus.
Sorry to burst your bubble, but they meant the operating system that was used by the anti-virus software (SOPHOS) was a Linux operating system. The infected system was still a Windows (XP I believe) system. When your computer gets infected by malware it is often recommended to boot from another clean system, which often comes in the form of a bootable anti-virus CD. The bootable CD has a stripped down operating system (often a Linux one) that will allow the anti-virus to run and do its job. If you try to clean active malware within the infected operating system, the malware may often have self-defence features that make this very difficult if not impossible. Active malware will often load on infected operating systems as part of the loading process and will be wary of other programs trying to delete it and prevent such deletions from happening. By using a different operating system to perform the antivirus scan and deletion, the malware is effectively 'sleeping' and will be unaware that something is trying to delete it.
Except the new ransomware uses public key encryption (RSA) to encrypt the symmetric key used to encrypt your data, which was chosen at random when the virus triggered. So the anti-virus won't get you your files back. It would've prevented it in the first place if it was there, though. And you could also get your files back if you had any sort of backup.
In short, if you got infected and have no backups, these files are probably as good as gone.
I wonder if this is some form of censor by hacking since it appears to reside in porn sites. The money siphoned from unaware victims going to support an organization's moral crusade. I'm just wondering.
Someone should do something about the virus and stop it once and for all.
It’s not one virus – it’s a whole, evolving family of them. So there isn’t a “silver bullet” that will deal with all possible forms this thing could take.
That would be a bit like saying, “Hey, there’s a lot of burglary going on around the country. We should catch the burglar and then it will all stop…”
I have encountered this virus on a Mac, which I am not familiar with, so I do not know how these equate with the programs on the Mac. How do I stop the virus on a Mac?