EUROPOL European Law Enforcement Agency Virus
Written by Tomas Meskauskas
Damage level: Severe
"Europol - Your computer has been LOCKED" virus - how to unlock your computer?
"Europol - Your computer has been LOCKED" is a fake message that blocks computer users' screens and demands payment of a bogus 100 Euro fine for supposed law violations. The deceptive message presented within this ransomware infection states that your computer was locked because you have downloaded or distributed copyrighted content (music and video files). These accusations are false - the deceptive text within this message was created by cyber criminals to scare PC users into paying the fake fine.
No authorities worldwide (including Europol) use screen lockers such as this to collect fines for law infringements. This message is a ransomware infection originating from a family called Vicas. The second screenshot below shows a fake message from Uremtoo ransomware. Previously released versions of this scam exploited the name of Interpol to scare PC users into paying fake fines. Do not pay the 100 Euro fine - you will send your money to cyber criminals and your computer will remain locked. Furthermore, if you pay the money via Paysafecard or Ukash (prepaid cards), it will be difficult to get your money refunded. These services are chosen specifically by cyber criminals to make the tracing of their activities by authorities problematic.
The Europol - Your computer has been LOCKED scam is targeted at PC users from the UK; however, these ransomware infections are localized, so users from France will observe the same message translated into their language. Whilst other ransomware infections change the graphics that appear in their deceptive messages, this infection seems to only translate the text to different languages. Ransomware infections are able to identify the IP addresses of PCs they infiltrate and, accordingly, present a localised version of the fake message. Do not trust information presented by the Europol - Your computer has been LOCKED virus and do not pay the fine. Use the removal guide provided to eliminate this scam from your PC.
Ukash (Smart Voucher Limited) is a legitimate company and not connected to ransomware viruses - cyber criminals use the name of this service to extort money from unsuspecting PC users.
Fake message shown in Europol - Your computer has been LOCKED virus:
Your PC is blocked due to at least one of the reasons specified below:
Your computer has been trying to download and/or to install pirated software or multimedia files protected by international laws and has been blocked According to EU legislation you are required to pay 100 EUR administrative fees if this is the first time you have violated the copyright law. Downloading, installing and distributing Such materials is highly punishable and may leave a long lasting effect on your job and on your friends and relatives, if we don't receive a payment within 48 hours your personal information will be Sent TO your local police authorities. Your hardware used for distribution of pirated software will be confiscated and you will be arrested, charged and convicted for up to 5 years in prison time and registered as a thief for the rest of your life.
To help you make your payment faster and totally anonymous to you, we decided to accept vouchers that are spread nationwide and can be purchased in all major stores.
Eli Legislation p. 163.1 131 Every person who transmits, makes available, distributes, sells, advertises, imports, exports or possesses for the purpose of transmission, making available, distribution, sale, advertising or exportation any illegal software files is guilty of an indictable of fence and liable to imprisonment for a term not exceeding ten years and to a minimum punishment of imprisonment for a term of five years.
A fake message presented in other variants of Europol (Ukash or PaySafeCard) ransomware:
European law enforcement agency
All activities of this computer has been recorded. All your files are encrypted.
You PC (Windows 7(64-Bit)) is blocked due to at least one of the reasons specified below.
You have been subjected to violation of Copyright and Related Rights Law Video, Music, Software) and illegally using or distributing copyrighted contents, thus infringing Article 1, Section 8. Clause 8. also known as the Copyright of the Criminal Code of Great Britain.. Article 1, Section 8, Cause 8 of the Criminal Code provides for a fine 01 100 to five hundred minimal wages or a deprivation of liberty for two to eight years. You have been viewing or distributing prohibited Pornographic contents: (Child Porno, Zoophilla and etc), terrorist materials. Thus violating article 202 of the Criminal Code of Great Britain, Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years. Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law on Neglectful Use of Personal Computer. Article 210 of the Criminal Codes provides for a fine of up to £100,000 and or deprivation of liberty for four to nine years. Pursuant to the amendment to Criminal Code of Great Britain of May28, 2011, this law infringement (if it is not repeated -first time) may be considered as conditional in case you pay the fine.
To unlock your computer and to avoid other legal consequences, you are obliged to pay a release fee of £100. Payable through Ukash or Paysafecard. You can buy the code at any shop organ station. When you pay the fine, your PC will be unblocked in 3 to 48 hours after the money is put into the your account, Please note: Fines may only be paid within 48 hours. As soon as 48 hours elapse, the possibility to pay the fine expires, and the criminal case will be initiated against you automatically within the next 48 hours!
Europol - Your computer has been LOCKED virus removal:
Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Log in to the account infected with Europol - Your computer has been LOCKED virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.
Some Europol virus variants encrypt files on users' computers.
If you are dealing with such an infection, use some of the tools listed below to decrypt your files.
To regain control of your files (decrypt) try using these tools:
After completing these steps your computer should be clean. Reboot your computer in Normal Mode.
Alternative Europol - Your computer has been LOCKED ransomware removal guide:
Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":
1. While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.
3. Next, type this line: rstrui.exe and press ENTER.
4. In the opened window, click "Next".
5. Select one of the available restore points and click "Next" (this will restore your computer's system to an earlier time and date, prior to the ransomware infiltrating your PC).
6. In the opened window, click "Yes".
7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of Europol (Ukash or PaySafeCard) virus.
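Step 5 depends on choosing a restore point created before the infection. The following is an added example, not part of the original guide: it lists the available restore points and picks the newest one older than a given date. It assumes Windows PowerShell 5.1 is available and run as administrator; the function name Select-CleanRestorePoint and the sample date are hypothetical.

```powershell
# Added example (not from the original guide). Assumes Windows PowerShell 5.1;
# Get-ComputerRestorePoint is not available in PowerShell 7.
param(
    # Constructed sample value: the date the lock screen first appeared.
    [datetime]$InfectionDate = '2013-05-20'
)

# Hypothetical helper: returns the newest restore point created before $Before,
# or $null when there is none.
function Select-CleanRestorePoint {
    param([datetime]$Before)

    # Wrap in @() so an empty result is an array with Count 0.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    if ($points.Count -eq 0) {
        Write-Warning 'No restore points found; System Restore may be disabled.'
        return $null
    }

    $points |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
        Where-Object { $_.Created -lt $Before } |
        Sort-Object Created -Descending |
        Select-Object -First 1
}

$candidate = Select-CleanRestorePoint -Before $InfectionDate
if ($candidate) {
    # Show the chosen point; this is the entry to pick in the rstrui.exe wizard.
    $candidate | Format-List
    "To apply it from PowerShell: Restore-Computer -RestorePoint $($candidate.SequenceNumber) -Confirm"
} else {
    Write-Warning "No restore point predates $InfectionDate; System Restore cannot roll back past the infection."
}
```

The script only reads restore-point metadata; nothing is changed until a restore point is applied through the wizard or Restore-Computer.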
If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal more complicated. For this step, you need access to another computer. After removing Strathclyde Police ransomware from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.
Other tools known to remove Europol - Your computer has been LOCKED ransomware: