SecurityHome.eu Ransom:Win32/Reveton.V

Home / malware PDF

Ransom:Win32/Reveton.V

First posted on 26 June 2019.
Source: Microsoft
Aliases :
There are no other names known for Ransom:Win32/Reveton.V.
Explanation :
This threat is a .DLL file that displays the lock screen used by variants of the Ransom:Win32/Reveton family.

Ransom:Win32/Reveton variants arrive on your PC with a random file name. They download this .DLL file.

The .DLL file also has a random file name with the extension pad in the folder %APPDATA% or %TEMP%. This means the threat can display the lock screen message with or without Internet access.

The message in the lock screen is tailored to you location in such a way that, for example, if, based on your IP address, you're located in the US, the lock screen appears to be a message from the FBI.

Analysis by Stefan Sellmer
Last update 26 June 2019

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

Ransom:Win32/Reveton.V