DALLAS (CN) – CVS Caremark, Kmart, Kroger, Walmart, Walgreens and 7-Eleven are helping criminals collect ransom payments for hijacking computers with a virus, a crime victims advocacy group claims in a proposed class action.
MoneyPak Crime Victims LLC sued the retailers and Green Dot Corp. in Dallas County Court on Tuesday. It claims criminals posing as law enforcement use Reveton virusware to infect and lock their computers, and then demand a ransom or “fine” be paid through Green Dot’s MoneyPak prepaid cards that are purchased from the retailers.
“The ransom payments were made to defendants in order to ‘unlock’ computers that had been rendered inoperable by ‘MoneyPak – Ransomware,'” the complaint states. “At the time the computers were ‘locked,’ messages appeared on the computer screens stating that the computers would remain ‘locked’ and inoperable until a MoneyPak was purchased from defendants and a ransom payment was deposited into the MoneyPak.”
Once paid, the criminals would unlock the computer, according to the class-action petition.
“MoneyPak is not a bank account, not a credit card not a debit card and not FDIC insured,” the complaint states. “MoneyPak is primarily a criminal instrument designed by its owner, Green Dot Corp., for use by criminals in collecting ransom payments by victims of extortion, [and in] engaging in drug trafficking, money-laundering, pornography, tax evasion, bribery, embezzlement and other crimes.”
The victims’ advocate says MoneyPak also violates the U.S. Patriot Act by failing to verify and record information that identifies each person opening an account.
In January, the plaintiff filed a request for pre-suit depositions against the defendants. It said victims were charged $4.95 for each MoneyPak card and deposited $300 in ransom on each card.
The plaintiff said Green Dot and retailers have been warned repeatedly by the FBI that the cards are being used to collect ransom, and that Walmart, Target, Kmart, Tom Thumb, Albertson’s, Exxon and other “reputable retailers” have stopped selling them.
“However, 7-Eleven, CVS Pharmacy, Walgreens and Kroger ignored the FBI warnings and continued to sell MoneyPak cash cards and collect ransom payments,” the advocacy group said.
The group still named Kmart and Walmart as defendants, however.
In April 2012, an early variation of the virus posed as European authorities, such as federal police in Spain, Russia and Poland, according to Internet security firm F-Secure.
“To unlock their computer, the user is asked to purchase a Paysafecard from a local convenience store chain (in Finland, it’s R-Kioski) in the amount of 100 euros,” F-Secure said in an online warning.
“The technique is effective, as even non-technical people who might not be able to use online payment services such as Webmoney or eGold will be able to walk to the nearest store to part with their money.”
The newest version of the virus uses the name of the Internet Crime Complaint Center to frighten victims into sending money, the FBI said in a November e-scam alert.
“In addition to instilling a fear of prosecution, this version of the malware also claims that the user’s computer activity is being recorded using audio, video, and other devices,” the FBI said. “It lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States federal law. The message further declares that a law enforcement agency has determined that a computer using the victim’s IP address has accessed child pornography and other illegal content.”
The plaintiffs seek disgorgement of all ransom payments they have made.
They are represented by Ross Teter of Dallas