New variant of Ransomware found
Contributed by: Email on 05/02/2012 02:29 PM
A new version of ransomware is posing as the US Department of Justice (DOJ) in an attempt to extort $100 from its victims. It is a variant of the Citadel malware called Reveton. Infections occur after users are lured to a drive-by download site, where a dropper installs the Citadel malware, which, according to the Trusteer report, then retrieves Reveton's ransomware DLL from Citadel's command and control server.
This new strain locks down the host computer and displays a fake message warning users that their computer has been identified by the Computer Crime and Intellectual Property Section of the US DOJ as having visited websites containing child pornography or other illegal content. The message leads victims to believe they have violated federal law and then prompts them to pay a $100 fine to the DOJ.
The Trusteer report indicates that the Citadel malware, of which Reveton is a strain, is a descendant of the notorious Zeus malware.
This is not all the malware is capable of. In addition to the scareware, Citadel continues to operate on the infected machine, and the criminals can enable Citadel's man-in-the-browser, key-logging, or other malicious capabilities to commit banking or credit card fraud or to steal enterprise credentials from employees.
Cyber-thieves are increasingly masquerading as law enforcement and extorting victims with fake threats. There were two cases in late 2011 in which ransomware either posed as a law enforcement warning or threatened to inform law enforcement about child pornography that was "found" on a user's infected machine. More recently, there was a scareware campaign that attempted to convince users that they were being sued for violating the controversial Stop Online Piracy Act (SOPA), which was never signed into law.
If you think you are infected with this malware, visit the Malware Team at MajorGeeks.