The names of the ICSPA and various law enforcement agencies are being used in an attempt to trick citizens into making payments to criminal groups who are carrying out a ransomware scam. Anyone who receives email communications to ‘release’ or ‘unblock’ their computer should report their concerns to their local police services and under no circumstances pay any money. If you have received an email like this, your device is probably infected with malicious software. You are advised to use a reputable computer repair facility to have your device disinfected, or use a reputable security product to do this for you. See below for further assistance.

If you have received emails of this sort, it may be that your device is infected with the Trojan “Urausy.A” – please see notes below on this malicious code.

Trojan.Urausy.A is an infection first detected in the summer of 2012, also known by the aliases Trojan:Win32/Urausy.A and Backdoor.Win32.Azbreg.lu. The Trojan is best known for the so-called ransomware viruses that it displays. The main goal of the infection is to get your money, and the schemers behind the program have a few tricks up their sleeves to help them do so. The Trojan may enter your system and stay hidden for days or even weeks. During this time, cyber criminals can download malicious files and initiate a computer lock-down. As soon as you notice that your PC is blocked or behaving erratically, use appropriate tools to delete Trojan.Urausy.A.

The creators of Trojan.Urausy.A administer a collection of ransomware viruses. Some of the most notable are:

– FBI Moneypak Virus

– Police Central e-Crime Unit Virus

– GVU Virus

– Interpol Department of Cybercrime Virus

– Australian Federal Police Virus

– Office Central de Lutte contre la Criminalité Virus

As the names of these infections reveal, the Trojan.Urausy.A ransomware scams rely on the trust and respect that Windows users have for their national law enforcement agencies. For example, if you live in the U.S., the Federal Bureau of Investigation is one of the most reputable national security departments. The schemers are aware of this, which is why they can present you with a bogus security alert supposedly sent by the FBI. Please see an excerpt:

Your PC is blocked due to at least one of the reasons specified below. You have been violating <> (Video, Music, Software) and illegally using or distributing copyrighted content [.] To unlock the computer, you must pay the fine through MoneyPak of $200.

The Trojan relies on malicious components, including saiAE7.exe found under %TEMP% and msconfig.dat (%APPDATA%). The most devious file is RRT.exe. This component can execute, delete and add system processes, remove access to Task Manager and Registry Editor, and tamper with Internet Explorer and Windows Security Center settings. These Trojan.Urausy.A files travel via Java vulnerabilities and can connect your PC to the remote servers tcenj.ru, fsbps.ru or cremk.ru.
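For administrators who collect file-creation and DNS telemetry, the indicators above can be matched as in the following added example, which is not code from the ICSPA or Trend Micro. The log format, host names and sample events are constructed, and the directory fragments assume the default per-user %TEMP% and %APPDATA% locations.

```python
import ntpath

# Indicators named in the advisory. Directory fragments are an assumption:
# default per-user %TEMP% / %APPDATA% paths (Vista+ and XP layouts).
# None means the advisory gives no location, so only the name can be matched.
IOC_DOMAINS = {"tcenj.ru", "fsbps.ru", "cremk.ru"}
IOC_FILES = {
    "saiae7.exe": ("\\appdata\\local\\temp\\", "\\local settings\\temp\\"),
    "msconfig.dat": ("\\appdata\\roaming\\", "\\application data\\"),
    "rrt.exe": None,
}

# Constructed sample telemetry (not real data): timestamp, host, kind, value.
SAMPLE_EVENTS = r"""
2013-02-01T09:14:02Z PC-017 DNS update.tcenj.ru.
2013-02-01T09:14:05Z PC-017 FILE C:\Users\alice\AppData\Local\Temp\saiAE7.exe
2013-02-01T09:15:40Z PC-022 DNS notcremk.ru
2013-02-01T09:16:11Z PC-022 FILE C:\Windows\System32\msconfig.exe
2013-02-01T09:17:30Z PC-031 FILE C:\Documents and Settings\bob\Application Data\msconfig.dat
2013-02-01T09:18:02Z PC-031 FILE D:\tools\RRT.exe
"""

def domain_hit(name):
    """Return (listed domain, "domain") if name equals it or is a subdomain, else None."""
    labels = name.strip().rstrip(".").lower().split(".")
    suffixes = (".".join(labels[i:]) for i in range(len(labels) - 1))
    return next(((s, "domain") for s in suffixes if s in IOC_DOMAINS), None)

def file_hit(path):
    """Return (file name, confidence) for a listed file, else None."""
    norm = path.strip().replace("/", "\\").lower()
    name = ntpath.basename(norm)
    if name not in IOC_FILES:
        return None
    dirs = IOC_FILES[name]
    if dirs is None:
        return (name, "name-only")  # weaker signal: location unknown
    return (name, "name+location") if any(d in norm for d in dirs) else None

def scan(log_text):
    """Return (host, kind, indicator, confidence) for every matching event line."""
    matchers = {"DNS": domain_hit, "FILE": file_hit}
    findings = []
    for line in log_text.splitlines():
        parts = line.split(None, 3)  # the value may contain spaces (XP paths)
        if len(parts) == 4 and parts[2] in matchers:
            hit = matchers[parts[2]](parts[3])
            if hit:
                findings.append((parts[1], parts[2]) + hit)
    return findings
```

Matching whole DNS labels keeps look-alike names such as notcremk.ru from triggering, and tying msconfig.dat to its directory avoids flagging the legitimate msconfig.exe utility.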

As soon as you remove Trojan.Urausy.A, your Windows operating system returns to normal running. To delete the infection, you should use automatic removal tools, because the manual option is restricted by the disabled access to Windows utilities and the locked computer.

If you wish to remove malicious viruses or Trojans, the ICSPA recommends using the links below, supplied by our Enterprise Member, Trend Micro:

1. How to remove Viruses and Threats – http://esupport.trendmicro.com/en-us/home/pages/virus-and-threat-removal.asp

2. Here is a link to a free of charge solution to scan and fix your PC – http://housecall.trendmicro.com/uk/index.html

3. Trend Micro have a range of home and office products for Windows, Mac and Mobile here: http://www.trendmicro.co.uk/home/index.html

4. Potential customers may fill out a form or call prior to purchasing for any specific issues / questions they may have – http://www.trendmicro.co.uk/support/technical-advice