FacebookTwitterLinkedIn

Polizia Di Stato Virus

Also Known As: Polizia Di Stato Ransomware
Type: Ransomware
Damage level: Severe

Tomas Meskauskas Written by on (updated)

What is Polizia Di Stato?

The Polizia Di Stato message blocks computer screens and demands payment of a 100 Euro fine within the next 72 hours. This is a scam created by cyber criminals and not related to any legitimate authorities from Italy. The main purpose of this rogue message is to trick unsuspecting PC users into paying a bogus fine using Ukash or PaySafeCard.

Note that accusations of using pirated music, video, software, or watching pornography are made simply to scare users into paying the bogus fine.

In fact, paying the 100 Euro fine as demanded by the Polizia Di Stato ransomware virus is equivalent to sending your money to cyber criminals. PC users should be aware that no authorities or organizations, internationally, use screen-blocking messages to collect fines for any law violations.

Polizia Di Stato virus

This particular ransomware virus originates from a family called "Flimrans" and targets PC users from Italy. This security threat, however, is localized, thus computer users from different countries observe similar, localized, versions of this scam.

For example, users from Canada observe this fake message as if sent by the "Polizei Cybercrime Investigation Department", and computer users from the USA, as if sent by the "Computer Crime and Intellectual Property Section". Ransomware localization is possible since cyber criminals design the software with IP address-detection capabilities.

The Policia Di Stato message (which blocks computer screens) is a scam - do not pay any money as ordered by this message. The correct way to deal with this ransomware is to eliminate it from your computer.

A variant of this ransomware virus originating from a family called Revoyem (DirtyDecrypt). Note that at time of writing, no known tools are available to decrypt files encrypted by this ransomware virus:

Polizia di stato ransomware virus (Revoyem or DirtyDecrypt)

A ransomware virus from the Kovter family, exploiting the name of Polizia Di Stato:

Polizia di Stato ransomware virus

The Polizia Di Stato ransomware virus is proliferated using infected email messages, malicious websites, and drive-by downloads. Commonly, there is a slight delay between actual infection and the time at which the computer screen is locked by this deceptive message.

Popular methods of ransomware distribution include 'exploit kits' - security threats that exploit any detected security vulnerabilities in order to infect users' systems. The best way to protect your PC is to keep your operating system and installed software (including Flash, Java, etc.) up-to-date.

Also, use legitimate antivirus and anti-spyware programs. If your computer is already infected with the Polizia Di Stato ransomware virus, use the removal guide provided to eliminate this scam.

A message used by the Polizia Di Stato ransomware to trick PC users into paying a bogus fine:

POLIZIA DI STATO UNITÀ DI ANALISI SUL CRIMINE INFORMATICO.
Attenzione! Il Suo computer è bloccato a causa di uno o più motivi di cui sotto.
Ha violato la legge "Sul diritto d'autore e sui diritti di protezione affini" (Video. Musica. Software) e ha usato illecitamente eto ha distribuito il content protetto dai diritti d'autore, quindi, ha violato l'art. 128 del Codice Penale dell'Italia. Ai sensi dellart. 128 del Codice Penale dell'Italia la violazione di cui sopra viene punita con una sanzione penale da 2 a 500 retribuzioni minime oppure con una reclusione per un periodo compreso tra 2 e 8 anni. Ha visionato o ha distribuito il materiale pornografico vietato (Pornografia infantile/Zoofilia, ecc.). Violando lart. 202 del Codice Penale dell'Italia. L'art. 202 del Codice Penale prevede una reclusione per un periodo da 4 a 12 anni. Dal Suo computer è stato effettuato laccesso illecito ai dati elettronici oppure VOi... L'art. 208 del Codice Penale prevede una sanzione penale fino ad Euro 100.000,00 e/o la reclusione per un periodo compreso tra 4 e 9 anni. Dal Suo computer è stato effettuato laccesso illecito alla Sua insaputa, forse, il Suo computer è contaminato con il software dannoso, quindi, ha violato la legge sul "uso sprezzante del computer'. L'art. 210 del Codice Penale prevede una sanzione penale da €2.000,00 - €8.000,00. Dal Suo computer è stata effettuata la distribuzione di spam o un'operazione pubblicitaria illecita a scopo di lucro, oppure alla Sua insaputa, forse, il Suo computer è contaminato con il software dannoso. L'art. 212 del Codice Penale prevede una sanzione penale fino a €250.000,00 e una reclusione fino a 6 anni. Se loperazione di cui sopra è stata effettuata alla Sua insaputa, Lei è responsabile ai sensi del suddetto articolo 210 del Codice Penale dellitalia. Al momento attuale viene identificata la Sua individualita residenza, nel corso di 72 ore saia promossa l'instaurazione di un procedimento penale a Suo carico riguardante uno o più articoli di cui sopra. A causa di modifica del Codice penale dell'Italia del 28 maggio 2012 la presente violazione della legge (se non è ripetuta - è avvenuta per la prima volta) potrebbe essere considerata convenzionale nel caso di pagamento di una sanzione penale a favore dello Stato. La sanzione penale potrebbe essere pagata solo nel corso di 72 ore dopo la violazione. Dopo 72 ore il termine previsto per il pagamento della sanzione penale scade, e nel corso successive 72 ore sara automaticamente promossa linstaurazione di un procedimento penale a Suo carico!
L'importo della sanzione penale è di €100 Ukash or PaySafeCard. Dopo il pagamento della sanzione penale il Suo computer sara sbloccato nel periodo non inferiore a onora e non superiore a 72 ore dopo l'accredito delle somme sul conto intestato allo Stato.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
 ▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Polizia Di Stato virus removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Step 2

Log in to the account infected with the Polizia Di Stato virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.


If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window click "Next".

restore system files and settings

5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).

select a restore point

6. In the opened window click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the Polizia Di Stato virus.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disables safe mode, making its removal complicated. For this step, you require access to another computer.

After removing the Polizia Di Stato virus from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.

Other tools known to remove the Polizia Di Stato virus:

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Removal Instructions in other languages
How to prevent against infection
New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Top Removal Guides
QR Code
Polizia Di Stato Ransomware QR code
Scan this QR code to have an easy access removal guide of Polizia Di Stato Ransomware on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.