2013-04-02 - Evolution

Reveton "Spring Collection" is ... disappointing - New countries Targeted

So here, the big news is in fact that South America is now a potential target for Cool EK and Reveton, because they have updated the design of their ransomware, adding new countries. But we can't call this a "Spring Collection" for sure...

Reveton US 2013-04
Same design as Urausy (but video on the left)...kind of disappointing...
Knowing that the Urausy design is itself inspired by the Reveton design from last summer...
It looks like one "designer" is becoming the only one in the game now.
One more
Reveton FR 2013-04
And if you wonder what other countries look like, just refer to the Urausy Collection. (I am slowly updating the botnets.fr Reveton page too.)

So this move allows the Reveton team to target more countries (we can suppose the same ones as the Urausy team), for instance:

Argentina :

Reveton AR 2013-04
and Mexico
Reveton MX 2013-04
Expect : NZ, BO, EC, AR, UY

C&C Redirector now ?


Reveton Calling Home

Files ?

4 samples (OwnCloud via Goo.gl) 
In that zip you'll find :
f1bf137d73d5323a2d71d921bd99ca42 (a downloader (CVE-2013-0634 dropped))
1669bbd10bc2f350f7d450e0969a5a8a
445af5fec3322d5e3a04690e30322d79
d182165a9e6ec130932c2273870d2eda

Reading :

Don’t Pay Up – How To Beat Ransomware! - 2013-04-05 - MakeUsOf - Guy McDowell