FacebookTwitterLinkedIn

ACMA Virus

Also Known As: Australian Communications and Media Authority Ransomware
Damage level: Severe

What is ACMA?

The following message blocks the computer screen and demands payment of a AUD $100 fine using Ukash for alleged law violations: Australian Communications and Media Authority (ACMA), Australian Federal Police (AFP), Australian Crime Commission (ACC) and Royal Australian Corps of Military Police (RACMP), "Your computer has been blocked for safety reasons".

This is a scam, a ransomware infection created by cyber criminals whose main purpose is to trick unsuspecting PC users from Australia into paying the bogus fine.

The accusations of law infringements presented by this message (viewing/storage and/or dissemination of banned pornography, downloading pirated music, video, software, etc.) are false. Cyber criminals hope that PC users will believe the message and pay the bogus fine.

Australian Communications and Media Authority (ACMA) virus

Paying the AUD $100 fine is equivalent to sending your money to cyber criminals. Furthermore, there are no guarantees that your computer will be unblocked. The Australian Communications and Media Authority (ACMA) ransomware virus originates from a family called Urausy and specifically targets PC users from Australia.

Other ransomware variants from this family, target PC users from the USA (Mandiant U.S.A Cyber Security virus), the United Kingdom (Metropolitan British Police virus), and France (Agence Nationale de la Sécurité des Systèmes D'information virus).

Cyber criminals are able to present localised versions of their ransomware viruses to users from different countries by using IP address information. If your screen is blocked by this message (screenshot below), you are dealing with a ransomware virus. Do not pay the fine, since this is a scam.

Cyber criminals exploit the names of legitimate authorities from Australia in order to make their rogue screen-blocking messages appear authentic. Note, however, that neither the Australian Communications and Media Authority (ACMA) nor any other authorities, internationally, employ screen-blocking messages to collect fines for any law violations.

A common source of ransomware viruses from the Urausy family are 'exploit kits', which infiltrate users' operating systems via infected email messages, malicious websites, and drive-by downloads.

Exploit kits use any software security vulnerabilities detected on the system, and therefore, keeping your software up-to-date can drastically decrease the risk of infection by ransomware and other malware.

If your computer is already infected with the Australian Communications and Media Authority (ACMA) virus, do not pay the AUD $100 fine. Use the removal guide provided to eliminate this scam from your PC.

A fake message presented by the Australian Communications and Media Authority (ACMA) "Your computer has been blocked" virus:

Australian Communications and Media Authority (ACMA)
AFP. Crime Commission (ACC)
Royal Australian Corps of Military Police (RACMP)

ATTENTION!
Your computer has been blocked for safety reasons listed below.

You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of Commonwealth of Australia criminal law.

Article 161 of the Kingdom of Australia criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.

Also, you are suspected of violation of "Copyright and Related rights Law" (downloading of pirated music, video, warez) and of use use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of Commonwealth of Australia criminal law

Article 148 of Commonwealth of Australia criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.

It was from your computer, that unauthorised access has been stolen to information of State importance and to data close for public Internet access.

Unauthorised access could have been arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Consequently, you are suspected - until the investigation is held - of innocent infringement of Article 215 of Commonwealth of Australia criminal law ("Law on negligent reckless disregard of computers and computer aids").

Article 215 of Commonwealth of Australia criminal law provides for the punishment of deprivation of liberty for terms from 5 to 8 years and/or up to AUD $100,000 fine.

Further after information of your personal computer was examined, it was found that your personal computer has been regularly used for bulk-spamming either arranged by yourself purposely on mercenary motives, or with ought your knowledge and consent, provided your computer could have been affected my malware. Bulk-spamming is a way to disseminate malware of banned pornography. Consequently you are suspected - until the investigation is held - of innocent infringement of Article 301 of Commonwealth of Australia criminal law ("On bulk-spamming and malware (virus) dissemination").

Article 301 of Commonwealth of Australia criminal law provide for the punishment of deprivation of liberty for term from 5 years, and up to AUD $250,000 fine.

Please, mind that both your personal identities and location are well identified, and criminal case can be opened against you in course of 96 hours as for commission of crimes per above Articles. Criminal case can be submitted to court.

However, pursuant to Amendments to Commonwealth of Australia criminal law dated july 10, 2013, and according to Declaration on Human Rights, your disregard of law may be interpreted as unintended (if you had no incidents before) and no arraignment will follow. However, it is a matter of whether you have paid the fine of the Treasury (to the effect of initiatives aimed at protection of cyberspace).
The penalty set must be paid in course of 48 hours as the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.

Amount of fine is AUD $100. You can settle the fine with Ukash vouchers.

As soon as the money arrives to the Treasury account, your computer will be unblocked in course of 24 hours.

Then in 7 day term you should remedy the breaches associated with your computer. Otherwise your computer will be blocked up again and criminal case will be opened against yourself (with no option to pay fine).

Please mind that you should enter only verified pass of vouchers and abstain from caching out of vouchers once used for the fine payment. If erroneous pass were entered, or if attempt was made to cancel vouchers after transaction then, apart from above breaches, you will be charged with fraud (Article 377 of Commonwealth of Australia criminal law, 1 to 3 years of imprisonment) and criminal case will be opened.

 

Copyright Alliance
Internet Police Department
Cyber Crime Investigations - Corporate Theft Analysis Experts
Cyber Crime Unit
Under supervision of Ministry of Interior, Interpol, Copyright Alliance, International Cyber Security Protection Alliance.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Australian Communications and Media Authority (ACMA) virus removal:

Step 1

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, in the search results select Settings. Click on Advanced Startup options, in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button. Your computer will now restart into "Advanced Startup options menu".

Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking.

Windows 8 Safe Mode with networking

Video showing how to start Windows 8 in "Safe Mode with Networking":

Step 2

Log in to the account infected with the Australian Communications and Media Authority (ACMA) virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.


If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window click "Next".

restore system files and settings

5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the Australian Communications and Media Authority (ACMA) ransomware infiltrating your PC).

select a restore point

6. In the opened window click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the Australian Communications and Media Authority (ACMA) virus.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode making its removal complicated. For this step, you require access to another computer.

After removing the Australian Communications and Media Authority (ACMA) virus from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.

Other tools known to remove the Australian Communications and Media Authority (ACMA) virus:

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
Australian Communications and Media Authority Ransomware QR code
Scan this QR code to have an easy access removal guide of Australian Communications and Media Authority Ransomware on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.