Ransomware powered by the Reveton malware family, which is based on Citadel, is highly popular among cybercriminals as it helps them fraudulently earn millions of dollars each year. However, experts say Reveton has started to lose popularity in favor of other pieces of ransomware, such as Urausy.
Urausy is no different from other ransomware. It locks up an infected computer’s screen and informs the owner that his/her device has been locked up by a law enforcement agency.
It instructs victims to pay a so-called “fine” if they want to have their computers unlocked.
According to experts from AlienVault, who have thoroughly analyzed Urausy, cybercriminals spread the threat with the aid of exploit kits such as Cool EK or BlackHole.
Urausy has been designed to be difficult for researchers to analyze. Once it detects the presence of a sandbox environment, the malware immediately changes its behavior.
Additional technical details on how Urausy works are available on AlienVault’s blog.