Joint Chiefs of Staff virus stands for a special type of Trojan categorized as Reveton. It blocks an attacked PC‘s desktop with the notice “The work of your computer has been suspended on the grounds of the violation of the law of the United States of America”. By the way, this alert is typical to many other similar ransomware lockers. Later on the ransomware instructs that user must pay a fine amounting to 400USD in order for the locker to be removed and a system to be restored to the normal condition. The faulty accusations are the following: watching and/or spreading child pornography, downloading and sharing illegal music and video files or using illegal software downloaded from illegal resources. The scary warning is presented in a manner that allows it to seem as if it is originated by Joint Chiefs of Staff. It attacks systems in the USA. Here is the partial quotation from the fake alert:
The work of your computer has been suspended on the grounds of the violation of the law of the United States of America.
Possible violations are described below:
Article – 184. Pornography involving children (under 18 years)
Imprisonment of the term of up to 10-15 years (The use or distribution of pornographic files)
To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $400.
Joint Chiefs of Staff ransomware prompts users to pay a fine within 48 hours. The warning claims that if user does not pay the funds during this period, the chance for the PC to be unblocked is no longer possible, and criminal proceedings will be initiated as a result. Please keep in mind that all of these accusations are fake. The only goal the crooks have in mind is to make you pay the funds as soon as possible, in their favor. Thus, if you pay the ransom, you will not be able to get the funds back or to have your system unblocked. The only remedy to the present case is deleting Joint Chiefs of Staff fake warning using specific malware removal guidelines and antivirus applications. For more facts please read the guidelines below.
Ransomware unlocking procedure
Note! This tutorial is effective for all GreenDot MoneyPak, Ukash and Paysafecard ransomwares.
- Restart your computer and press F8 while it is restarting.
- Choose safe mode with networking.
- Press Start menu and select Run, or press [Win]+R on keyboard.
- Type msconfig
- Disable startup items rundll32 turning on any application from Application Data.
- Restart your system once again.
- Scan your system with GridinSoft Trojan Killer to identify file and delete it.
Some versions of these viruses disable all safe modes, but give a short gap that you can use to run anti-malware programs. Then do following:
- Reboot normally.
- Click Start and choose Run.
- Enter the text specified in the quotation below. If malware is loaded, just press Alt+Tab once and keep entering the string blindly then press Enter.
- Press Alt+tab and then R (letter) a couple of times. The process of ransomware virus should be killed after you succeed to download, install our recommended software and scan your PC with it.