FacebookTwitterLinkedIn

Interpol Department of Cybercrime scam

Also Known As: Departamanet of Cibercrime Ransomware
Damage level: Severe

What is Interpol Department of Cybercrime?

"Interpol Department of Cybercrime" is a ransomware computer infection, which locks the user's desktop and demands payment of a fine for purportedly watching or distributing pornography, etc. This security threat originates from a family of ransomware called "Urausy".

When this scam infiltrates your computer, it blocks the screen, stating that you have been distributing copyrighted content or that your computer might have been infected with malware that sends spam, and thus infringing the law. This deceptive message demands that you pay a fine of 100 Euros or 100 Pounds for these law infringements.

interpol departament of cibercrime ransomware

In fact, this fine is bogus. The screen locker is created by cyber criminals who make money from unsuspecting PC users who fall for their trickery and pay the fabricated fine.

Neither Interpol nor any other authorities (including the FBI, GEMA, Strathclyde Police, Department of Justice, etc.) collect fines via screen lockers. This message is fake and you should not pay this bogus fine - you will send your money to cyber criminals and your PC will remain locked.

"Interpol Departament of Cibercrime" is distributed like any other ransomware infection. Cyber criminals responsible for creating this scam use drive-by downloads and Trojans to infect Internet users worldwide.

Furthermore, these ransomware infections are able to determine the computer user's IP address and present a localized version of its deceptive message. Commonly, these infections target PC users from the USA and Great Britain, however, cyber criminals also target other countries including France and Germany.

To prevent this type of ransomware infiltrating your PC, always use legitimate antivirus and antispyware programs. If your PC is already infected with "Interpol Department of Cybercrime" ransomware, use this removal guide to eliminate it from your computer.

A fake message shown by the "Interpol Department of Cybercrime" ransomware:

Interpol Department of Cybercrime.
Attention!
Your PC is blocked due to at least one of the reasons specified below. You have been violating "Copyright and Related Rights Law" (Video, Music, Software) nd illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of World Departament of Cybercrime. Article 128 of the Criminal Code provides for a fine of 2 to 5 hundred minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing or distributing prohibited Pornographic content (child Porn/Zoophilia and etc). Thus violating article 202 of the Criminal Code of World Department of Cybercrime.Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years.
Illegal access to computer data has been initiated from your PC, or you have been...
Article 202 of the Criminal Code provides for a fine of p to 100,000 euro 100.000 pounds and/or a deprivation of liberty for 4 to 9 years. Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law On Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of 2,000 euro 2,000 pounds to 8,000 euro 8,000 pounds. Spam distribution or other unlawful advertising has been effected from your PC as a profit-seeking activity or without your knowledge, your PC may be infected by malware. Article 212 of the Criminal Code provides for a fine of up to 250,000 euro 250,000 pounds and a deprivation of liberty of up to 6 years. In case this activity has been effected without your knowledge, you fall under the above mentioned article 210 of the Criminal Code of World Department of Cybercrime... The amount of fine is 100 euro or 100 pounds. You can pay a fine Ukash or PaysafeCard. When you pay the fine, you PC will get unlocked in 1 to 72 hours after the money is put into the State's account.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

"Interpol Department of Cybercrime" ransomware removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK.

During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

alt

Video showing how to start Windows 7 in "Safe Mode with Networking":

Step 2

Log in to the account infected with "Interpol Department of Cybercrime" ransomware. Start your Internet browser and download a legitimate anti-spyware program.

Update the anti-spyware software and start a full system scan. Remove all the entries detected.

Cannot boot in Safe Mode with Networking? ("Interpol Department of Cybercrime" virus blocks Safe Mode with Networking)

If you have more than one user account in your operating system - please log-in to the clean account and download the recommended malware removal software, install it and run a full system scan. Remove all the security infections detected. If, however, you have only one user account, please follow this guide (it will demonstrate how to create a new user account using Safe Mode with Command Prompt - using this newly created user account you will be able to remove "Interpol Department of Cybercrime" ransomware).

If "Interpol Department of Cybercrime" virus also blocks your operating system's Safe Mode with Networking, follow these removal instructions:

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt mode loads, enter the following line: net user removevirus /add and press ENTER.

alt

3. Next, enter this line: net localgroup administrators removevirus /add and press ENTER.

creating new user using command prompt

4. Finally, enter this line: shutdown -r and press ENTER.

adding a new user in command prompt

5. Wait for your computer to restart, then boot your PC in Normal Mode and login to the newly-created user account ("removevirus"). This account will not be affected by the ransomware infection and you will be able to download and install recommended malware removal software to eliminate this virus from your computer.

new user account created

6. Download and install recommended malware removal software to eliminate this ransomware infection from your computer:

If the newly-created user account is also affected by the ransomware infection, try performing a System Restore:

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt mode loads enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window, click "Next".

restore system files and settings

5. Select one of the available restore points and click "Next" (this will restore your computer's system to an earlier time and date, prior to the ransomware infiltrating your PC).

select a restore point

6. In the opened window, click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of Interpol Department of Cybercrime ransomware.

Notice that some ransomware infections are capable of encrypting all files stored on an infected PC. If you are dealing with this type of infection, you can use some of the tools listed below to decrypt your files.

To regain control of your files (decrypt) try using these tools:

RannohDecryptor (Kaspersky)

XoristDecryptor (Kaspersky)

RectorDecryptor (Kaspersky)

Trojan.Winlock decoding utility (Dr.Web)

Alternative "Interpol Department of Cybercrime" ransomware removal guide:

If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

win 7 safe mode with command prompt

2. In the opened Command Prompt type explorer and press Enter. This command will open the Explorer window - do not close it and continue to the next step.

3. In the Command Prompt, type regedit and press Enter. This will open the Registry Editor window.

4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

registy editor winlogon

5. In the right side of the window, locate "Shell" and right click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue execution file).

Use this information to navigate to the rogue executable and remove it.

6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of Interpol Department of Cybercrime ransomware.

Anti-spyware programs known to detect and remove "Interpol Department of Cybercrime" ransomware scam:

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
Departamanet of Cibercrime Ransomware QR code
Scan this QR code to have an easy access removal guide of Departamanet of Cibercrime Ransomware on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.