A quick guide to Reveton ransomware
The name of Reveton has long since stopped causing panic, but the history of Reveton ransomware gives an interesting insight into ransomware in general, why it works, and what to do about it. With that in mind, here is a quick guide to Reveton ransomware.
A brief history of Reveton ransomware
Reveton is an infamous ransomware Trojan, which was used in a spate of attacks, mostly in Europe, throughout 2012. It was mostly distributed via “drive-by” downloads hosted on adverts for adult websites. Reveton used the lockware approach, typically referencing illegal activity and branding the message with a localized police logo. This led to it becoming known as the Police Trojan.
As a form of lockware, Reveton did not cause any actual damage to files. It could be removed by booting into safe mode and then either running an anti-malware scan or restoring the system to an earlier restore point (and then running an anti-malware scan anyway).
Although Reveton itself has been largely inactive since 2012, it has inspired both cybercriminals and law-enforcement agencies. The former have taken note of how technically unsophisticated software can be massively effective when coupled with sophisticated social-engineering techniques. The latter have focussed on trying to get to the root of cybercrime by finding the cybercriminals.
It says a lot about the reality of cybercrime that the quantity of malware just keeps on growing, with ransomware, in particular, being not just big business, but massive business. By contrast, so far only one of the major players in the Reveton scam has been arrested.
It also has to be noted that this arrest was probably in no small part because the suspect lived in the UK, which has fairly strong cybercrime laws and relatively effective enforcement. Even there, however, it took until August 2019 for the police to get a conviction. The other members of the gang, who are believed to be in Russia, are also believed to be still at large.
Reveton and the development of ransomware
One of the interesting aspects of Reveton ransomware is that it highlights the fact that much ransomware is actually far more about scare tactics than technical sophistication. In fact, the very name "scareware" makes this clear, and lockware is really just a slightly more advanced version of scareware.
That said, while encryption ransomware may form a small percentage of all ransomware, it can most certainly do a lot of damage so it's important to be prepared for it.
Protecting against ransomware
Realistically, protecting against ransomware means doing everything possible to minimize the likelihood of infection in the first place. It also means accepting that, even so, you may fall victim to it, and therefore making sure in advance that any damage will be minimized.
You must have a robust anti-malware program with an integrated firewall
To spell this out clearly, it is extremely risky to rely on the default security programs provided by all the main operating systems. Malware in general is on the increase and some of it is already very sophisticated. Ransomware, in particular, tends to work to a very high standard either in terms of social engineering or in technicality (or in some cases both). This means that you need protection which is backed by an actual security company, rather than a general software developer.
These days the most sensible option for both individuals and organizations is to go for a cloud-based anti-malware product with an integrated firewall. This gives you the two key cybersecurity protections in one (without compromising performance) and makes sure that updates (which will be frequent) are dealt with by the vendor, thus saving you a job. Cloud-based products also reduce the load on local devices, which is handy on computers and even more useful on mobile devices.
You need to store your data with an encryption ransomware attack in mind
First of all, you absolutely must store all sensitive data encrypted. This will do precisely nothing to stop a ransomware attack, but it will stop cybercriminals from stealing your data as well. Even if you pay the ransom, there is really nothing to prevent them from keeping a copy of it. If you refuse to pay the ransom, they may use the threat of exposing your data to put pressure on you to do so (and if you continue to refuse, they may carry out their threat).
Secondly, you need an off-site data backup (if you’re in the cloud then this means somewhere other than your main cloud). It doesn’t have to be off-line but it does have to be entirely separate from your local backup. Local backups are very vulnerable to compromise if the production system is infected.