
Reveton Ransomware Infection Recovery Services

September 6, 2016

Reveton is a type of ransomware that locks the screen of an infected computer. The locked screen displays a message that appears to be from an official federal agency, but is actually from a scammer. This fraudulent message demands payment of a fine, but the payment is really a ransom, since the money goes to the scammer, not a government agency.

If you believe that Reveton has infected your computer, call Datarecovery.com at 1-800-237-4200 to discuss your options. Our security specialists can determine how to unlock your screen and remove all Reveton malware in a quick and secure way. Read on for more information about Reveton ransomware.

What is Reveton Ransomware (And How Does It Work)?

Most ransomware works by encrypting files, locking them away and preventing access without the appropriate key. However, Reveton uses scare tactics instead of sophisticated encryption methods.

Reveton simply locks a computer’s screen on a fraudulent message that says it is from an official agency. According to the message, the infected computer has been locked because it was involved in illegal activity. The victim’s actual data remains intact.

Reveton ransomware has the following attributes:

  • It locks the infected computer’s screen to display a fraudulent message supposedly from Homeland Security, the Department of Justice, the FBI, or another official agency. This message attempts to scare the victim by listing a variety of serious crimes, such as supporting terrorism, gambling, or possessing child pornography.
  • The program runs as a .dll file, as opposed to an executable (.exe) file. As a result, Windows Task Manager is not helpful in identifying the malware.
  • The program demands a ransom of $100 or more. While many ransomware programs request money via Bitcoin, Reveton requests funds via a prepaid card called a MoneyPak.
  • The screen contains the logos of stores that sell MoneyPak cards, which for some users may add a sense of legitimacy.

Reveton works by threatening the victim and imposing a 48-hour time limit on their response. Panicked victims might pay the ransom just to be sure they don’t get in trouble, or because they cannot find a way to unlock the screen other than entering the MoneyPak account number.

The scammers make the ransom page appear legitimate by including actual logos of official agencies and, in some variants, by listing real U.S. laws. The logos of convenience stores are a tipoff that the page is not an actual government website, but panicked victims may overlook this detail.

How Does Reveton Ransomware Infect My System?

Reveton infects computers when a user visits a hacked website. Because the malware relies on exploits for older versions of certain programs, you should be sure to keep your computer up to date.

Once Reveton infects a computer, it starts automatically every time the victim logs into Windows, so restarting the computer will still land them on the same locked screen. Seeing the same screen pop up again and again can cause victims to panic and pay the ransom.

Reveton preys on victims panicking, so remember that no official agency would lock a computer and demand payment via a prepaid card from a convenience store. You should also remember that paying the fine won’t necessarily unlock your computer or remove the malware.
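The two traits described above (the program runs as a .dll, and it starts again at every Windows logon) suggest a practical triage check: list logon autostart entries that load a DLL through a host process. The PowerShell below is an added example, not Datarecovery.com's procedure. It assumes rundll32.exe as the host and the registry Run keys and Startup folders as the autostart locations, since the page does not say which ones Reveton uses.

```powershell
# Added example: list logon autostart entries that load a DLL through rundll32.exe.
# Assumption: the page does not name Reveton's autostart location; the Run keys and
# Startup folders checked here are the common per-logon locations on Windows.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

$entries = @()

# Registry Run values: value name -> command line executed at logon
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $entries += [pscustomobject]@{
            Source = $key; Name = $name; Command = [string]$item.GetValue($name)
        }
    }
}

# Startup-folder shortcuts: resolve each .lnk to its target and arguments
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($lnk in Get-ChildItem -Path $dir -Filter *.lnk) {
        $sc = $shell.CreateShortcut($lnk.FullName)
        $entries += [pscustomobject]@{
            Source = $dir; Name = $lnk.Name; Command = "$($sc.TargetPath) $($sc.Arguments)"
        }
    }
}

# Report entries hosted by rundll32, noting DLLs stored in user-writable paths
$writable = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'
$entries |
    Where-Object { $_.Command -match 'rundll32(\.exe)?' } |
    Select-Object Source, Name, Command,
        @{ n = 'UserWritablePath'; e = { $_.Command -match $writable } } |
    Format-List
```

Legitimate software also uses rundll32 at logon, so a listed entry is a lead to examine, not proof of infection.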

Can I Disable Reveton Ransomware?

Reveton can be removed, but it is a cumbersome process that is best completed by a malware expert. Mishandling the process could result in data loss or security risks. The specialists at Datarecovery.com can plan how to best remove the ransomware from your computer and make sure it is clear of all other viruses.

Remember, it may be possible for you to unlock your screen without removing all of Reveton’s spyware. For this reason, we recommend calling our security experts for more information about removing Reveton. Our specialists can get your computer back to its original condition and help protect it from future attacks. Call 1-800-237-4200 to get started.