We’ve been able to trace and catch a new virus today. It masks itself under a fake warning supposedly coming from the Computer Crime and Intellectual Property Section. However, this US organization has nothing to do with production and spreading of this fake and scary notification. What is Computer Crime and Intellectual Property Section, by the way? We find from the web that this is a US governmental agency that leads is meant to prevent crimes in the Internet. Obviously, this is a good, reliable and trustworthy company with good intentions and motives. However, here comes the alert supposedly originated by Computer Crime and Intellectual Property Section. Here is how it looks like and what its message says:
Your PC is blocked due at least one of the reasons specified below.
You have been violating “Copyright and Related Rights Law» (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 1, Section 2, Clause 8, also known as the Copyright of the Criminal Code of United States of America.
Article 1, Section 2, Clause 8 of the Criminal Code provides for a fine of 2 to 5 hundred minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing or distributing prohibited Pornographic content (Child Porn/Zoophilia and etc.). Thus violating article 202 of the Criminal Code of United States of America. Article 202 of the Criminal Code provides for a deprivation of liberty for 4 to 12 years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law On Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of up to $100,000 and/or deprivation of liberty for 4 to 9 years.
Pursuant to the amendment to the Criminal Code of United States of America of August 28, 2012, this law infringement (if it is not repeated – first time) may be considered as conditional in case you pay the fine to the State.
Fines may only be paid within 72 hours after the infringement. As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 72 hours!
To unblock the computer, you must pay the fine through MoneyPak of $300.
How do I unblock the computer using the MoneyPak?
1. Find a retail location near you.
2. Look for a MoneyPak in the prepaid section. Take it to the cashier and load it with cash. A service fee up to $4,95 will apply.
3. To pay fine you should enter the digits MoneyPak resulting code in the payment form and press «Pay MoneyPak».
When you pay the fine, your PC will get unlocked in 1 to 48 hours after the money is put into the State’s account.
In case an error occurs, you’ll have to send the code by email email@example.com (Do not forget to specify IP address).
The whole truth about this warning is that this is a fake notification that is not associated with Computer Crime and Intellectual Property Section at all. Instead, this is yet another ransomware tool designed by hackers who want to steal money from you by means of deceit and fraud. They want you to pay money to them to unlock your system for a special amount of money, and thus you’re instructed by the malware developers to indicate special codes of MoneyPak payment system in the respective field. It is worth mentioning that in spite of all the above-mentioned, MoneyPak isn’t associated with this malware either.
The ransomware promises users that the computer system will be restored (cured) soon, and tells that in order to make it possible they need to enter a code for transfer via MoneyPak system. It states that immediately after entering a code and checking its correctness the computer system will be unlocked.
Please be advised that this fake ‘Computer Crime and Intellectual Property Section’ warning is the Trojan itself. It takes the direct part in locking (blocking) your computer with its scary alert. By the way, rebooting of your computer will not help in this case, no matter how many times you attempt to do it. One thing you should remember once and for all is that you must not obey the instructions of this malicious tool on your workstation. On the contrary, hurry up to cure your system from threat by following the specially designated guidelines for removal of such type of ransomware.
Ransomware unlocking procedure
Note! This tutorial is effective for all GreenDot MoneyPak, Ukash and Paysafecard ransomwares.
- Restart your computer and press F8 while it is restarting.
- Choose safe mode with networking.
- Press Start menu and select Run, or press [Win]+R on keyboard.
- Type msconfig
- Disable startup items rundll32 turning on any application from Application Data.
- Restart your system once again.
- Scan your system with GridinSoft Trojan Killer to identify file and delete it.
Some versions of these viruses disable all safe modes, but give a short gap that you can use to run anti-malware programs. Then do following:
- Reboot normally.
- Click Start and choose Run.
- Enter the text specified in the quotation below. If malware is loaded, just press Alt+Tab once and keep entering the string blindly then press Enter.
- Press Alt+tab and then R (letter) a couple of times. The process of ransomware virus should be killed after you succeed to download, install our recommended software and scan your PC with it.