Reveton 'police ransom' malware gang head arrested in Dubai

Campaign extorted money from countless victims

A Russian man accused of being a key figure behind the notorious and hugely successful Reveton 'police ransom' malware that successfully blackmailed thousands of PC users across the world has been arrested in Dubai, Spanish police have announced.

Unpicking exactly what has happened here will be difficult - such gangs are global concerns with multiple outlets - but the arrest could be of major significance.

According to security firm Trend Micro, which said it had collaborated in tracking down the perpetrators, police traced the unnamed man through its payment channel which funnelled through Spain.

Payment is the one weakness for ransom malware, which typically depends on blackmailing its PC victims into sending money in order to have control of their PCs unlocked and 'returned' to them.

Reveton's attack method was to convince infected users that they had been detected as having committed a non-existent computer crime and that they should pay a fine to a police force localised to the victim's home country.

Failure to do so would render the PC unusable or make it impossible to access files bar the ability to open a web browser in order to pay the ransom.

This was accepted in PaySafeCard/UKash vouchers, which were, Trend said, laundered into real cash before being forwarded to the arrested man's gang.

Police said the Spanish operation netted one million euros per year, likely only a fraction of what was being made globally. A further ten people associated with the operation were also picked up, including Ukrainians, Russians and Georgians, police said.

"These arrests are a tremendous result from the ongoing work and collaboration between the Spanish police and Trend Micro's eCrimes unit which works extensively and collaboratively with law enforcement authorities across the globe," said Trend Micro.

The exact number of victims will likely never be known - and new victims are still being claimed by Reveton even now - but must run to hundreds of thousands at a minimum.

In August, the FBI warned US consumers about Reveton after being "inundated" with reports of infections.

Ransom malware has grown into a major headache for police forces, partly because it has affected the SME sector especially badly, sometimes in conjunction with targeted attacks on small businesses, including one small Australian medical centre that had its entire database encrypted.

Exactly how many crime hubs are using the ransom technique is hard to know; Reveton is certainly not the only such campaign out there. Symantec recently estimated the profits from ransom attacks as being huge.

It is unlikely that the arrests will make more than an important dent in either Reveton or ransomware in general.

"Before we all start celebrating, it must be said that in our opinion, based on our research of the Police Virus [Reveton], there is more than one group behind the attacks," commented Luis Corrons of antivirus firm Panda Security.

"We've reached this conclusion after having studied multiple variants of this malware over time and having detected numerous striking differences among them."
