A quick guide to Reveton ransomware
Updated on October 21, 2022, by Xcitium
What is Reveton ransomware?
Reveton ransomware is a type of “police ransomware” that locks a user’s screen and displays a fake law enforcement warning, demanding payment to unlock the device.
It is also known as FBI MoneyPak ransomware, because it impersonates government agencies and pressures victims to pay a fine for alleged illegal activity.
The name of Reveton has long since stopped causing panic, but the history of Reveton ransomware gives an interesting insight into ransomware in general, why it works, and what to do about it. With that in mind, here is a quick guide to Reveton ransomware.
A brief history of Reveton ransomware
Reveton is an infamous ransomware Trojan, which was used in a spate of attacks, mostly in Europe, throughout 2012. It was mostly distributed via “drive-by” downloads hosted on adverts for adult websites. Reveton used the lockware approach, typically referencing illegal activity and branding the message with a localized police logo. This led to it becoming known as the Police Trojan.
As a form of lockware, Reveton did not cause any actual damage and could be removed by booting into safe mode and either having an anti-malware product scan the computer or restoring to a previous time to remove the virus (and then having an anti-malware product scan the computer).
Although Reveton itself has been largely inactive since 2012, it has inspired both cybercriminals and law-enforcement agencies. The former have taken note of how technically-unsophisticated software can be massively effective when coupled with sophisticated social-engineering techniques. The latter have focussed on trying to get to the root of cybercrime by finding the cybercriminals.
It says a lot about the reality of cybercrime that the quantity of malware just keeps on growing, with ransomware, in particular, being not just big business, but massive business. By contrast, so far only one of the major players in the Reveton scam has been arrested.
It also has to be noted that this was probably in no small part because they lived in the UK, which has fairly strong cybercrime laws and relatively effective enforcement. Even there, however, it took until August 2019 for the police to get a conviction. The other members of the gang, who are believed to be in Russia, are also believed to be still at large.
Reveton and the development of ransomware
One of the interesting aspects of Reveton ransomware is that it shows how much ransomware is actually far more about scare tactics than technical sophistication. In fact, the very name “scareware” makes this clear, and lockware is really just a slightly more advanced version of scareware.
That said, while encryption ransomware may form a small percentage of all ransomware, it can most certainly do a lot of damage so it’s important to be prepared for it.
Protecting against ransomware
Realistically, protecting against ransomware means doing everything possible to minimize the likelihood that you will get infected in the first place, but also accepting the reality that, even so, you may fall victim to it and hence need to make sure that any damage will be minimized.
You must have a robust anti-malware program with an integrated firewall
To spell this out clearly, it is extremely risky to rely on the default security programs provided by all the main operating systems. Malware in general is on the increase and some of it is already very sophisticated. Ransomware, in particular, tends to work to a very high standard either in terms of social engineering or in technicality (or in some cases both). This means that you need protection which is backed by an actual security company, rather than a general software developer.
These days the most sensible option for both individuals and organizations is to go for a cloud-based anti-malware product with an integrated firewall. This gives you the two key cybersecurity protections in one (without compromising performance) and makes sure that updates (which will be frequent) are dealt with by the vendor, thus saving you a job. Cloud-based products also reduce the load on local devices, which is handy on computers and even more useful on mobile devices.
You need to store your data with an encryption ransomware attack in mind
First of all, you absolutely must store all sensitive data encrypted. This will do precisely nothing to stop a ransomware attack, but it will stop cybercriminals from stealing your data as well. Even if you pay the ransom, there is really nothing to prevent them from keeping a copy of it. If you refuse to pay the ransom, they may use the threat of exposing your data to put pressure on you to do so (and if you continue to refuse, they may carry out their threat).
Secondly, you need an off-site data backup (if you’re in the cloud then this means somewhere other than your main cloud). It doesn’t have to be off-line but it does have to be entirely separate from your local backup. Local backups are very vulnerable to compromise if the production system is infected.
How Reveton Ransomware Works
- Infection
  - Downloaded via malicious websites or exploit kits
- System Lock
  - Blocks access to the device (screen locker)
- Fake Warning Display
  - Claims illegal activity (piracy, etc.)
- Ransom Demand
  - Requests payment via prepaid cards

👉 The attack relies more on fear and deception than encryption.
Key Characteristics of Reveton
- Disguises itself as law enforcement (FBI, police, etc.)
- Locks screen instead of encrypting files
- Uses fear tactics and legal threats
- Often demands payment via prepaid vouchers
- May display IP address or webcam feed to intimidate
Types of Damage Caused
| Impact | Description |
|---|---|
| System Lockout | Users cannot access their device |
| Financial Loss | Victims may pay ransom |
| Psychological Pressure | Fear of legal consequences |
| Data Risk | Some variants include credential theft |
Reveton vs Modern Ransomware
| Feature | Reveton | Modern Ransomware |
|---|---|---|
| Attack Type | Screen locker | File encryption |
| Payment Method | Prepaid cards | Cryptocurrency |
| Technique | Social engineering | Advanced encryption |
| Complexity | Low–medium | High |
Reveton represents an early-stage ransomware model, while modern threats are far more sophisticated.
Why Reveton Matters Today
- One of the first widely spread ransomware families (2012)
- Helped pioneer Ransomware-as-a-Service (RaaS)
- Demonstrated effectiveness of social engineering attacks
Many modern ransomware campaigns still use similar fear-based tactics.
How to Remove Reveton Ransomware
- Restart system in Safe Mode
- Run a full antivirus/anti-malware scan
- Remove malicious files and processes
- Restore system if needed
In many cases, paying the ransom is unnecessary and not recommended.
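One way to support the "remove malicious files and processes" step on a Windows host, as an added example that is not part of the original article: a screen locker has to start at logon to block the desktop, so this PowerShell lists the standard autostart locations for manual review. The registry keys and folders are standard Windows locations, not indicators taken from this article, and the path heuristic is an assumption of this example.

```powershell
# Added example: enumerate standard Windows autostart locations for manual review.
# Assumes an elevated PowerShell prompt, e.g. after booting into Safe Mode.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)
# Heuristic chosen for this example: commands run from user-writable paths get flagged.
$reviewPattern = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'
$wsh = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        $entries += [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$k.GetValue($name) }
    }
}
foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    foreach ($f in Get-ChildItem -Path $dir -File -Force) {
        $cmd = $f.FullName
        if ($f.Extension -eq '.lnk') {
            # Show what the shortcut actually launches, not just the .lnk path
            $lnk = $wsh.CreateShortcut($f.FullName)
            $cmd = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
        }
        $entries += [pscustomobject]@{ Source = $dir; Name = $f.Name; Command = $cmd }
    }
}
# Winlogon values: on a clean system Shell is "explorer.exe" and Userinit points to
# userinit.exe under System32; anything else warrants investigation.
$wl = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wlKey = Get-Item -Path $wl
foreach ($name in 'Shell', 'Userinit') {
    $entries += [pscustomobject]@{ Source = $wl; Name = $name; Command = [string]$wlKey.GetValue($name) }
}

$entries |
    Select-Object Source, Name, Command, @{ n = 'Review'; e = { $_.Command -match $reviewPattern } } |
    Sort-Object Review -Descending |
    Format-Table -AutoSize -Wrap
```

Entries marked True in the Review column are candidates for inspection, not confirmed malware; confirm them with the anti-malware scan before deleting anything.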
How to Prevent Reveton Attacks
- Avoid suspicious websites and downloads
- Keep systems updated and patched
- Use endpoint protection tools
- Enable browser security controls
FAQ:
Is Reveton ransomware still active?
Reveton is less common today but remains important as an early ransomware model.
Does Reveton encrypt files?
No, Reveton mainly locks the screen instead of encrypting files.
Why is it called police ransomware?
Because it impersonates law enforcement agencies to scare victims into paying.