Reveton ransomware now steals passwords and credentials

Ransomware is one of the uglier threats that security professionals have to deal with. Unfortunately, there’s a new version in the wild.

Security vendor Avast reported Tuesday that the Reveton ransomware, which for a while has locked up infected PCs until a payment is made, has been upgraded into a powerful password and credential stealer. Its authors have done it by adding the latest version of the Pony Stealer malware.

It turns a computer into a botnet client, Avast noted in a blog. The most common infection route is through well-known exploit kits like FiestaEK, NuclearEK, SweetOrangeEK and others.

“Reveton uses one of the best password/credentials stealers on the malware scene today,” says Avast. “Pony authors conduct deep reverse engineering work which results in almost every password decrypted to plain text form. The malware can crack or decrypt quite complex passwords stored in various forms.

“The stealer includes 17 main modules like OS credentials, FTP clients, browsers, email clients, instant messaging clients, online poker clients, etc., and over 140 submodules.”

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]
