    The perpetrators behind the police ransomware are no longer just using the reputation of law enforcement to build credibility for their schemes — they’re using those of security vendors as well.

    We’ve spotted a police ransomware variant which tells of a supposed “treaty” between law enforcement and antivirus vendors. It even displays the icons of these security vendors to appear legitimate. Trend Micro detects this new ransomware variant as TROJ_REVETON.IT.

    According to our findings, the .DLL file in the malware variant contains a lock screen image showing the logos of various antivirus companies, such as Trend Micro, Symantec, McAfee, Sophos, and Microsoft, among others. The text goes on to say, “To make the work of the Police more effective, on December 04, 2012 the International Treaty was signed between the companies who developes anti-virus software for identification of cyber-criminals.” Of course, this is merely a ruse to trick people into believing the message is legitimate. Once the malware is executed, it locks users’ computers and displays the fake message that says “Your computer has been locked. You have broken the law, your actions are illegal and will lead to criminal liability.”

    Police ransomware is known for locking systems over a bogus violation of the law that the users supposedly committed. Users are told they must pay a large fine to be able to use their computers again. We also observed that the ransomware warning page, or graphical user interface (GUI), tends to change. This is probably done as part of the malware’s social engineering tactic.


    We previously reported on a police ransomware variant detected as TROJ_REVETON.HM that not only shows the ransomware page but also plays an audio file.

    As indicated in our research paper, police ransomware is becoming a threat landscape rather than an isolated malware incident. Stay tuned for more updates regarding this malware.


    • luckycard

      Trend Micro did not protect our PC from this attack in March, 2013.

      • TrendLabs

        Hi there, luckycard. What Trend Micro product are you using?

    • TTR

      You may check on the TROJ_REVETON.HM malware report and check for the manual solution to remove the malware.

    • dude

      how do u get rid of this ransomware ????? without paying of course


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice