USA Cyber Crime Investigations Virus
Written by Tomas Meskauskas
Damage level: Severe
USA Cyber Crime Investigations, Cyber Command of [State name] virus removal instructions
The USA Cyber Crime Investigations, Cyber Command of [State name] message, "ATTENTION! Your computer has been blocked up for safety reasons listed below", blocks computer screens and demands payment of a $300 fine (using MoneyPak or MoneyGram) for alleged law violations. This is a scam. These messages are not sent by any legitimate authorities from the USA - they are caused by a ransomware virus created by cyber criminals. The virus originates from a family called Urausy and targets PC users from the USA - specifically, various states including California, Arizona, North Carolina, Ohio, Pennsylvania, South Texas, Utah, Maryland, Washington, Oregon, New York, New Jersey, Nevada, Indiana, Hawaii, Georgia, and Florida. This targeting is possible since ransomware viruses are capable of detecting the IP addresses of computers infiltrated. This information allows cyber criminals to serve localized variants of their fake messages.
PC users should be aware that no legitimate authorities or organizations, internationally, use computer screen-blocking messages to collect fines for any law violations. This is a scam and paying the fake fine is equivalent to sending your money to cyber criminals. The USA Cyber Crime Investigations message, which demands payment of a fine to unblock your computer, is a scam - ignore this message and do not pay any fines. The correct way to deal with this message is to eliminate it from your computer.
The USA Cyber Crime Investigations virus targets various states of the USA, however, if cyber criminals are unable to detect a specific location of the PC targeted for infection, the user's screen is locked with the message, "Mandiant U.S.A Cyber Security". Commonly, these ransomware viruses are distributed using 'exploit kits', which infiltrate users' operating systems via security vulnerabilities detected within outdated software (Java, Flash, etc.) Therefore, the best way to protecting your computer is to keep all software up-to-date and use legitimate antivirus and anti-spyware programs. The USA Cyber Crime Investigations ransomware virus is a typical scam, which exploits the names of legitimate authorities in order to make the fake message appear authentic. To create a sense of urgency, cyber criminals implement a 48-hour countdown timer and stipulate that the fine be paid within this period - otherwise a criminal case will be opened. In fact, this is merely a cleverly-designed scam, which attempts to trick PC users into paying the bogus fine. If your computer is infected with the USA Cyber Crime Investigations virus, use the removal instructions provided to eliminate this scam from your PC.
Fake message displayed by the USA Cyber Crime Investigations virus:
USA Cyber Crime Investigations.
Cyber Command of [State name] (Arizona, North Carolina, Ohio, Pennsylvania, South Texas, Utah, Maryland, Washington, Oregon, New York, New Jersey, Nevada, Indiana, Hawaii, Georgia, Florida or California).
ATTENTION! Your computer has been blocked up for safety reasons listed below. You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law.
Article 161 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Also, you are suspected of violation of "Copyright and Related rights Law" (downloading of pirated music, video, ware.) and of use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America criminal law.
Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.
It was from your computer, that unauthorized access had been stolen to information of State importance and to data closed for public Internet access.
Unauthorized access could have been arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Consequently, you are suspected - until the investigation is held - of innocent infringement of Article 215 of United States of America criminal law ("Law on negligent and reckless disregard of computers and computer aids").
Article 215 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 8 years and/or up to 100.0000 fine.
Further, after information of your personal computer was examined, it was found out that your personal computer had been regularly used for bulk spamming, either arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Bulk-spamming is a way to disseminate malware of banned pornography. Consequently, you are suspected - until the investigation is held - of innocent infringement of Article 301 of United States of America criminal law ("On bulk-spamming and malware (virus) dissemination`).
Article 301 of United States of America criminal law provides for the punishment of deprivation of liberty for term up to 5 years, and up to 250.0000 fine.
Please, mind that both your personal identities and location are well identified, and criminal case can be opened against you in course of 96 hours as of commission of crimes per above Articles. Criminal case can be submitted to court.
However, pursuant to Amendments to the United States of America criminal law dated October 9, 2013, and according to Declaration on Human Rights, your disregard of law may be interpreted as unintended (if you had no incident before) and no arraignment will follow. However, it is a matter of whether you have paid the fine to the Treasury (to the effect of initiatives aimed at protection of cyberspace).
The penalty set must be paid in course of 48 hours as of the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case wilt be opened against you. Amount of firm is 300$. You can settle the fine with MoneyPak or MoneyGram xpress Packet vouchers.
As soon as the money arrives to the Treasury account, your computer will be unblocked in course of 24 hours.
Then in 7 day term you should remedy the breaches associated with your computer. Otherwise, your computer will be blocked up again and criminal case will be opened against yourself (with no option to pay fine).
Please mind, that you should enter or4 verified pussy of vouchers and abstain from caching out of vouchers once used for fine payment. If erroneous pussy were entered, or if attempt was made to cancel vouchers after transaction, then, apart from above breaches, you will be charged with fraud (Article 377 of United States of America criminal law; 1 to 3 years of imprisonment) and criminal case will be opened.
USA Cyber Crime Investigations virus removal:
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, in the search results select Settings. Click on Advanced Startup options, in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button. Your computer will now restart into "Advanced Startup options menu". Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking.
Video showing how to start Windows 8 in "Safe Mode with Networking":
Log in to the account infected with this ransomware virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.
If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.
Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.
3. Next, type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available restore points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware virus infiltrating your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of this virus.
If you cannot start your computer in Safe Mode with Networking (or with Command Prompt),boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode making its removal complicated. For this step, you require access to another computer. After removing the USA Cyber Crime Investigations virus from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.
Other tools known to remove the USA Cyber Crime Investigations virus: