2013-02-18 - Evolution

Reveton: Winter Collection II - Design refresh, ICE and EC3 logo


One week ago Urausy refreshed their design. The Reveton team is now doing the same, with lighter ones. (I will refer to these designs as Winter Collection II.)

Reveton Winter Collection II in one Image
(too small ? - http://goo.gl/kOLtV - 9mb )
(By the way : No ! The Reveton team has not been arrested... the key guy arrested last week by Spanish Police is the guy who was behind Ransom.EY (named Ransomgerpo by Symantec), and I was surprised by what I read here and there... in my opinion this is very far from being the most sophisticated ransomware group... 3-4 IPs for the C&C in months. The architecture is not as evolved as the one from Urausy or the Reveton team. Anyway, props to Spanish Police and Europol !)

What's new ?
As introduced by Urausy: EC3 logo, Hadopi, ICSPA :
EC3 logo in some European designs of Reveton ransomware
(CH, CY, CZ, DE, ES, FI, FR, GR, HU, IE, IT, LU, LV, NL, NO, PL, PT, RO, SE, SI, TR, UK)
Hadopi logo for French citizens
ICSPA in AU, UK designs

400$ (!?!) in the United States and ICE impersonation :

ICE logo in US (and Interpol too)
400$ for US citizens.... o_0
Australia :
Reveton AU 2013-02

Austria :
Reveton AT 2013-02

Canada :
Reveton CA 2013-02
Cyprus :
Reveton CY 2013-02
Czech Republic :
Reveton CZ 2013-02
Denmark :
18/02/13 - Design not updated. Still in Winter Collection I

Finland :
Reveton FI 2013-02
France :
Reveton FR 2013-02
See the new Hadopi logo, as in the Urausy design
Germany :
Reveton DE 2013-02
Greece :
Reveton GR 2013-02

Hungary :
Reveton HU 2013-02
Ireland :
Reveton IE 2013-02
Italy :
Reveton IT 2013-02
Latvia :
Reveton LV 2013-02
Luxembourg :
Reveton LU 2013-02
Netherlands :
Reveton NL 2013-02
Norway :
Reveton NO 2013-02

Poland :
Reveton PL 2013-02
Portugal :
Reveton PT 2013-02
Romania :
Reveton RO 2013-02
Slovakia :
Reveton SK 2013-02

Slovenia :
Reveton SI 2013-02
Spain :
Reveton ES 2013-02
Sweden :
Reveton SE 2013-02
Switzerland :
Reveton CH 2013-02
Turkey:
Reveton TR 2013-02
United Kingdom :
Reveton UK 2013-02
United States :
Reveton US 2013-02
ICE was really fast to react with a Scam Alert :
http://www.ice.gov/news/releases/1302/130215washingtondc2.htm

C&C now ?
Reveton Calling Home 18/02/2013
Samples: 37b5bf76d6128743cca6accdc762e941 for instance
http://goo.gl/edIZO (OwnCloud)

Edit 1: 21/02/13 : since yesterday they are back on Reveton Winter Collection I

More about Reveton ?
See Reveton page on https://www.botnets.fr/index.php/Reveton
Kernel Mode Thread
Reveton - Winter Collection - 2012-12-21
Reveton can speak now ! - 2012-11-23
Reveton += HU, LV, SK, SI, TR (!), RO - So spreading across Europe with 6 new designs - 2012-10-29
Reveton Autumn Collection += AU, CZ, IE, NO & 17 new designs - 2012-10-12
Inside a ‘Reveton’ Ransomware Operation 2012-08-13 - Brian Krebs - Krebs on Security