
ICSPA - Your computer has been locked Virus

Also Known As: U.S. Department of Justice - Office of Justice Programs scam
Damage level: High

What is the ICSPA message locking user's computer?

The ICSPA (U.S. Department of Justice - Office of Justice Programs) message, "YOUR COMPUTER HAS BEEN LOCKED BY ICSPA. All activities of this computer have been recorded.", is a scam. This message blocks computer screens and demands payment of a $300 fine using Reloadit or MoneyGram for supposed law violations (dissemination of banned pornography, downloading pirated music, video, warez, bulk-spamming, etc.). This is a ransomware virus and should not be trusted.

PC users should be aware that this message is not sent by legitimate authorities. Neither the ICSPA, nor any other authorities internationally, use screen-blocking messages to collect fines for any law violations. The "Your computer has been locked" ransomware virus originates from a family called Reveton and targets PC users from the USA.

The cyber criminals responsible for creating this scam exploit the names of ICSPA (International Cyber Security Protection Alliance) and the U.S. Department of Justice. Note that paying the fine as ordered by this message is equivalent to sending your $300 to cyber criminals - you will lose your money with no guarantees that your PC will be unblocked as a result.

If you observe a message on your screen, stating that your computer has been blocked for security reasons, you are dealing with a ransomware virus. Do not trust this message or pay the bogus fine. The correct way to deal with this message is to eliminate it from your PC.

The ICSPA "Your computer has been locked" ransomware virus is distributed using 'exploit kits', which infiltrate computers using any security vulnerabilities detected on the system. Commonly, exploit kits are delivered through spam email messages, malicious websites, and drive-by downloads.

The best way to protect your computer is by using legitimate antivirus and anti-spyware programs and keeping your software up-to-date. In most cases, ransomware viruses are localized - the deceptive message varies according to the IP address of the computer targeted for infiltration.

Cyber criminals translate their messages into various languages and exploit the names of local authorities in order to make their rogue messages appear authentic. If your PC is already infected with the ICSPA "Your computer has been locked" ransomware virus, use the removal instructions provided to eliminate this scam.

A fake message displayed by ICSPA ransomware virus:

ICSPA International Cyber Security Protection Alliance

U.S. Department of Justice - Office of Justice Programs

 

ATTENTION! YOUR COMPUTER HAS BEEN LOCKED BY ICSPA. All activities of this computer have been recorded. The recent actions performed on this computer have been recorded and analysed. Due to evidence of illegal activity found on this computer (“Downloading and distribution of illegal content - illegal Pornography”), this computer has been locked. Read the Important Information below.

The penalty set (“$400 - US dollars”) must be paid within 48 hours of this notice. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.

 

You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc.) You have violated World Declaration of non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law.

 

Article 161 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.

Also, your are suspected for violation of “Copyright and Related rights Law” (downloading of pirated music, video, warez) and of use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America criminal law.

Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.

 

The illegal actions that have been recorded on this computer (“Downloading and distribution of illegal content - Illegal Pornography”) could have been actioned by yourself purposely, or without your knowledge and consent, provided your computer could have been affected by malware. Consequently , you are suspected - until the investigation is held - of innocent infringement of Article 215 of United States of America criminal law (“Law on negligent and reckless disregard of computers and computer aids”).

Please note, that personal identities of users who are suspected of committing the illegal actions on this computer have been identified and the evidential data has been recorded. The criminal case can be opened in course of 96 hours as of commission of crimes per above Articles. Criminal case can be submitted to court.

 

However, pursuant to Amendments to the United States of America criminal law dated January 14, 2015, and according to Declaration of Human Rights, you disregard of law may be interpreted as unintended (if you had no incidents before) and no arraignment will follow. However, it is a matter of whether you have paid the fine to the Treasury (to the effect of initiatives aimed at protection of cyberspace).

Current status: “Case can be classified as occasional/unmotivated, according to 17 (U.S Code) 512. Subject to a fine ($400 - US dollars).” - this case can be closed without prosecution. The computer will be unlocked automatically.


ICSPA ransomware virus removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Step 2

Log in to the account infected with the ICSPA virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.

Cannot boot in Safe Mode with Networking? (ICSPA ransomware virus is blocking Safe Mode with Networking)

If you have more than one user account within your operating system, log in to the clean account, download the recommended malware removal software, install it, and run a full system scan.

Remove all security infections detected. If, however, you have only one user account, follow this guide (which describes how to create a new user account using Safe Mode with Command Prompt - using this newly-created user account, you will be able to remove ICSPA ransomware).

If the ICSPA scam also blocks your operating system's Safe Mode with Networking, follow these removal instructions:

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

2. When Command Prompt Mode loads, enter the following line: net user removevirus /add and press ENTER.

3. Next, enter this line: net localgroup administrators removevirus /add and press ENTER.

4. Finally, enter this line: shutdown -r and press ENTER.

5. Wait for your computer to restart, and then boot your PC in Normal Mode and log in to the newly-created user account ('removevirus'). This account will be unaffected by the ransomware infection and you will be able to download and install recommended malware removal software to eliminate this virus from your computer.

6. Download and install recommended malware removal software to eliminate this ransomware infection from your computer.
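
The account-creation steps above, collected into one Command Prompt sequence with a password on the temporary administrator account and its removal once cleanup is done. This is an added example, not part of the original guide: the account name removevirus and the first three commands' purpose come from the guide, while the password prompt, the membership check and the cleanup commands are additions.

```batch
rem Added example, not from the original guide.
rem Run steps 1-3 in Safe Mode with Command Prompt.

rem 1. Create the temporary account. The * makes net prompt for a password
rem    (addition) instead of leaving a new administrator with a blank one.
net user removevirus * /add

rem 2. Grant administrator rights, then list the group to confirm
rem    that removevirus now appears in it (the listing is an addition).
net localgroup administrators removevirus /add
net localgroup administrators

rem 3. Reboot, log in as removevirus in Normal Mode and run the scan
rem    as described in steps 5 and 6 of the guide.
shutdown -r

rem ---- Later, after the scan is clean, from your usual administrator account ----

rem 4. Delete the temporary administrator so it does not linger (addition).
net user removevirus /delete

rem 5. Verify: this should now report that the user name could not be found.
net user removevirus
```

Deleting the account leaves its profile folder on disk; remove it from System Properties > Advanced > User Profiles if you do not want it kept.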

If the newly-created user account is also affected by the ransomware infection, try performing a System Restore:

1. During your computer start process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

3. Next, type this line: rstrui.exe and press ENTER.

4. In the opened window, click "Next".

5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).

6. In the opened window, click "Yes".

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of ICSPA ransomware.

Other methods used to eliminate this ransomware infection from your PC:

Remove ICSPA virus using a Rescue Disk.

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have over 10 years of experience working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010.
