
Royal Canadian Mounted Police Virus

Also Known As: RCMP Ransomware
Damage level: Severe

What is Royal Canadian Mounted Police?

The Royal Canadian Mounted Police (RCMP) message demands that computer users pay a $100 CAD fine. This is a scam: a ransomware infection that makes false statements, accusing PC users of downloading copyrighted music and video files, in order to scare them into paying a fake fine.

In fact, this message was created by cyber criminals, who use Trojan infections to infiltrate users' systems with ransomware scams. The Royal Canadian Mounted Police do not send messages such as this, and no authorities internationally use these methods (locking computer screens) to collect fines for any law violations.

Royal Canadian Mounted Police - Your PC is blocked virus

This particular ransomware infection belongs to a family called Urausy and targets PC users in Canada. The cyber criminals behind this family localize the fake screen-blocking messages.

For example, PC users in the USA with infected computers see this message as if sent by the FBI Cyber Crime Division, and users in the UK see it as if sent by the United Kingdom Police. Users should be aware that any message that blocks the computer screen is a scam, and paying the fine as demanded is equivalent to sending their money to cyber criminals.

Update July 20, 2013: Cyber criminals have released a new variant of this ransomware virus - Ministry of Public Safety Canada "Computer blocked" Virus

The Royal Canadian Mounted Police ransomware infects users' computers using Trojans and drive-by downloads. Note that there is a slight delay between actual infection and the time at which the fake message is displayed (approximately 5 minutes). This particular ransomware infection is also capable of detecting any existing antivirus program installed on the user's computer.

It uses this information to adapt the fake message to appear more authentic. For example, the logo of the detected antivirus software is displayed on the header of the fake message as follows: "Supported and Protected by (logo of detected antivirus software)".

Moreover, ransomware infections from the Urausy family also exploit the name of the ICSPA (International Cyber Security Protection Alliance). This authority was created to fight cyber crime; however, cyber criminals use its name to make their fake messages appear authentic.

If you see such a message on your computer screen, your PC is infected with ransomware. Ignore the fake message and use this removal guide to eliminate this scam from your computer.

Ukash (Smart Voucher Limited) is a legitimate company and not related to ransomware viruses - cyber criminals use this service to extort money from unsuspecting PC users.

A fake message presented by the Royal Canadian Mounted Police ransomware:

ATTENTION! Your PC is blocked due to at least one of the reasons specified below. You have been violating 'Copyright and Related Rights Law' (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Canada.
Article 128 of the Criminal Code provides for a fine of 200 to 500 minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing or distributing prohibited Pornographic content (Child Porno, Zoophilia and etc). Thus violating Article 202 of the Criminal Code of Canada. Article 202 of the Criminal Code provides for a deprivation of liberty for four to 12 years. Illegal access to computer data has been initiated from your PC, or you have been... Article 208 of the Criminal Code provides for a fine of up to CAD $100,000 and/or a deprivation of liberty for 4 to 9 years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware. thus you are violating the law On Neglectful Use of Personal Computer.  Article 210 of the Criminal Code provides for a fine of CAD 02,000 to CAD $8,000.
Spam distribution or other unlawful advertising has been effected from your PC as a profit-seeking activity or without your knowledge, your PC may be infected by malware. Article 212 of the Criminal Code provides for a fine of up to CAD $250,000 and a deprivation of liberty of up to 6 years. In case this activity has been effected without your knowledge, you fall under the above mentioned article 210 of the Criminal Code of Canada.
Your personality and address are currently being identified, a criminal case is going to be initiated against you under one or more articles specified above within the next 72 hours. Pursuant to the amendment to the Criminal Code of Great Canada of February 04, 2013, this law infringement (if it is not repeated - first time) may be considered as conditional in case you pay the fine to the State.
Fines may only be paid within 72 hours after the infringement. As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 72 hours! The amount of fine is CAD $100. You can pay a fine Ukash or PaySafeCard.
When you pay the fine, your PC will get unlocked in 1 to 72 hours after the money is put into the State's account.
Since your PC is unlocked, you will be given 7 days to correct all violations. In case all violations are not corrected after 7 working days, your PC will be blocked again, and a criminal case will be initiated against you automatically under one or more articles specified above.


Royal Canadian Mounted Police virus removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.

Step 2

Log in to the account infected with the Royal Canadian Mounted Police virus. Start your Internet browser and download a recommended anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.

Royal Canadian Mounted Police virus removal using System Restore:

This removal method can be used if you cannot boot your computer in Safe Mode with Networking (the Royal Canadian Mounted Police ransomware blocks this mode).

1. While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, then select Safe Mode with Command Prompt from the list and press ENTER.

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

3. Next, type this line: rstrui.exe and press ENTER.

4. In the opened window click "Next".

5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).

6. In the opened window click "Yes".

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the Royal Canadian Mounted Police ransomware.

Other methods used to eliminate RCMP ransomware infection from your PC:

Remove the Canadian Mounted Police ransomware using a Rescue Disk.

Royal Canadian Mounted Police ransomware removal using a new user account (Command Prompt).

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have over 10 years of experience working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.
