Some versions of the threat hijack the webcam to take pictures of the victim

Aug 10, 2012 11:36 GMT  ·  By

The FBI’s Internet Crime Complaint Center (IC3) is becoming flooded with complaints received from Internet users who’ve had their computers locked down by a malicious computer virus. The main actor in these incidents is none other than the Reventon ransomware.

“Your PC is blocked due to at least one of the reasons specified bellow,” reads the message that appears on screens, apparently coming from the FBI.

“You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article I, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America.”

Here’s how one of the victims described an incident:

The window was labeled FBI and said I was in violation of one of the following: illegal use of downloaded media, under-age [expletive] viewing, or computer-use negligence.

It listed fines and penalties for each and directed me to pay $200 via a MoneyPak order. Instructions were given on how to load the card and make the payment. The page said if the demands were not met, criminal charges would be filed and my computer would remain locked on that screen.

Some variants (creepy ones, we might add), take over the webcam, take a picture of the computer’s owner, and display it on the locked screen.

The organization issued a warning regarding Reveton in May 2012, but the number of infections has increased considerably since.

“Some people have actually paid the so-called fine. We are getting dozens of complaints every day,” said Donna Gregory of the IC3.

It’s highly recommended that users don’t give in to the demands made by the crooks. The best thing to do is to call a professional to remove the malware, and file a complaint on the IC3’s website.

Experts say that the worst thing one can do is actually pay the fine demanded by the malicious element. They also warn that such ransomware can still operate in the background even if the user manages to unlock the device.