Reveton/FBI ransomware - exposed, explained and eliminated [VIDEO]

Filed Under: Featured, Malware, Video

Ransomware is malicious software that locks you out of your computer or your data, and demands money to let you back in.

One "brand" of ransomware, widely known as Reveton, has been very widely circulated in recent months.

Reveton pretends to be a warning from your country's national police service, locks you out of your PC, and threatens criminal proceedings within 48 hours - usually for unspecified copyright offences.

Of course, you can bypass the prosecution if you pay a "fine" to the cybercriminals. The amount they extort is typically about $200.

If you run across this sort of malware, it's tempting just to wear the cost and hope that the crooks live up to their promise of giving your PC back.

We recommend that you don't do that, so here's a short video to advise you, and your friends and family, on what to do instead:

(Enjoy this video? Check out more on the SophosLabs YouTube channel.)

Remember: an up-to-date and active anti-virus, combined with prompt software patching to close known holes, makes things much harder for the Bad Guys.

So give yourself the best chance of safety by taking security seriously!


, , , , , , , , , ,

You might like

29 Responses to Reveton/FBI ransomware - exposed, explained and eliminated [VIDEO]

  1. lewis · 1134 days ago

    Great video thanks for explaining i have just showed this ina presentation to my team

  2. Nigel · 1133 days ago

    Very informative. Thanks!

  3. I'm just curious. What happen if you DO pay up? Will they unlock you or just say "sucker!" and leave you locked?

    • Daniel · 1132 days ago

      I wouldn't even try it

    • Highsider · 1032 days ago

      Since you don't even know who or where "they" are, do you seriously think "they" will do anything except take your money?

  4. Jack · 1132 days ago

    Why should they do anything? I was wondering about a Windows PC, any suggestions or are they (we, us) SOL? Good video though!

  5. Trev · 1129 days ago

    nice one Dave, thanks for your help.

  6. Nailer · 1128 days ago

    how is it that the FBI isn't so pissed off about this that they try to find out where the money is going

  7. Cynthia Heaven Wheeler · 1114 days ago

    Hahaha someone at work had that happen. :p

  8. Debbie Gray · 1114 days ago

    Not funny!! poor people who pay it!!!!

  9. Erik Belknap · 1114 days ago

    Where can a person get a bootable CD to do the scan?

  10. Jmicron Wong · 1114 days ago

    any way

  11. Larry Wilson · 1114 days ago

    search online Erik, or go to the sophos website for theirs. There are downloadable files from them that will create a bootable CD. I believe that most anti-virus programs have a utility for creating a bootable revovery CD, you might check your current software to see if it will

  12. Kris Hepner · 1114 days ago

    Don't pay, because they don't want your money, they want your payment information; they won't give your computer back, so you'll have to take it to a shop anyway, and by the time you do, the crooks will have drained your account or maxed out your card.

  13. Dave Scarbrough · 1114 days ago

    You can also make your own from AVG or several other reputable companies online.

  14. Katrina Dennehy · 1114 days ago

    AVG ? Norton is way better in my opinion.

  15. RoyalandDonna Senter · 1114 days ago

    Check this out - real good imputed security advice

  16. Loqqy Free · 1114 days ago

    Norton? Seriously.... Microsoft Essentials would be better than that.

  17. Steven Mcgovern · 1114 days ago

    norton is garbage so is mca****

  18. Kathryn Sederquist · 1114 days ago

    Norton Power Eraser is pretty good at getting rid of ransomware and heavy malware infections. That and the Norton Removal Tolls are the best 2 applications they make :P

  19. Andrew · 1107 days ago

    So what happens if you just leave your computer alone for 3 days and don't pay anything?

  20. WindowsJoke · 1105 days ago

    Anyone dumb enough to use Window$ deserves a fine.

    Ubuntu Linux, no viruses, no malware, no pricetag.

    • Siegfried · 1085 days ago

      Dear Joke,

      In the video they used a Sophos Linux removal tool. Anyone anal enough to use a cumbersome OS like Linux deserves a virus.


      • SecurityParanoid · 1050 days ago

        Sorry to burst your bubble but they meant the Operating system that was used by the anti-virus software (SOPHOS) was a Linux operating system. The infected system was still a Windows (XP I believe) system. When your computer gets infected by malware it is often recommended to boot from another clean system which often comes in the form of a bootable anti-virus CD. The bootable CD has a stripped down operating system (often a Linux one) that will allow the anti-virus to run and do its job. If you try to clean active malware within the infected operating system the malware may often have self-defence features that make this very difficult if not impossible. Active malware will often load on infected operating systems as part of the loading process and will be weary of other programs trying to delete it and prevent such deletions from happening. By using a different operating system to perform the antivirus scan and deletion, the malware is effectively 'sleeping' and will be unaware that something is trying to delete it.

  21. Tom · 1096 days ago

    Except the new randsomeware uses public key encryption (RSA) to encrypt the symmetric key used to encrypt your data, which was chosen in random when the virus triggered. So the anti-virus won't get you your files back. It would've prevented it in the first place if it was there though. And you could also get your files back if you had any sort of backup.

    In short, if you got infected and have no backups, these files are probably as good as gone.

  22. Birch · 807 days ago

    I wonder if this is some form of censor by hacking since it appears to reside in porn sites. The money siphoned from unaware victims going to support an organization's moral crusade. I'm just wondering.

  23. Anonymous · 572 days ago

    someone should do something about the virus and stop it once and for all

    • Paul Ducklin · 572 days ago

      It's not one virus - it's a whole, evolving family of them. So there isn't a "silver bullet" that will deal with all possible forms this thing could take.

      That would be a bit like saying, "Hey, there's a lot of burglary going on around the country. We should catch the burglar and then it will all stop..."

  24. Kieran Hingston · 550 days ago

    I have encountered this virus on a mac., which I am not familiar with, so do not know how these equate with the programs on the mac. How do I stop the virus on a mac.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog