Remove ACMA ransomware

ACMA ransomware refers to a screen-locker malware infection that locks users’ screens and displays a message saying users will be charged with several serious crimes (specifically watching/distributing child pornography) unless they agree to pay a fine. The malware locks users’ screens and prevents them from being able to do anything. The contents of the screen locker are completely false.

 

 

When ACMA (Australian Communications and Media Authority) ransomware is initiated on a computer, it locks users’ screens and displays a fake screen claiming you are about to be charged for a whole series of serious crimes, specifically watching and distributing child pornography videos. This particular screen locker malware targets Australian users based on the various Australian law enforcement agencies being mentioned but there are plenty of other versions that target users in other countries.

The text in the screen locker explains that if users want to avoid being prosecuted for their supposed crimes, they need to pay a fine within 48 hours. If they do, the supposed charges will go away. It goes without saying that the contents of the screen locker are fake and paying would be a waste of money.

The full text from the ACMA ransomware is below:

Australian Communications and Media Authority (ACMA)
AFP. Crime Commission (ACC)
Royal Australian Corps of Military Police (RACMP)

ATTENTION!
Your computer has been blocked for safety reasons listed below.

You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of Commonwealth of Australia criminal law.

Article 161 of the Kingdom of Australia criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.

Also, you are suspected of violation of “Copyright and Related rights Law” (downloading of pirated music, video, warez) and of use use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of Commonwealth of Australia criminal law

Article 148 of Commonwealth of Australia criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.

It was from your computer, that unauthorised access has been stolen to information of State importance and to data close for public Internet access.

Unauthorised access could have been arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Consequently, you are suspected – until the investigation is held – of innocent infringement of Article 215 of Commonwealth of Australia criminal law (“Law on negligent reckless disregard of computers and computer aids”).

Article 215 of Commonwealth of Australia criminal law provides for the punishment of deprivation of liberty for terms from 5 to 8 years and/or up to AUD $100,000 fine.

Further after information of your personal computer was examined, it was found that your personal computer has been regularly used for bulk-spamming either arranged by yourself purposely on mercenary motives, or with ought your knowledge and consent, provided your computer could have been affected my malware. Bulk-spamming is a way to disseminate malware of banned pornography. Consequently you are suspected – until the investigation is held – of innocent infringement of Article 301 of Commonwealth of Australia criminal law (“On bulk-spamming and malware (virus) dissemination”).

Article 301 of Commonwealth of Australia criminal law provide for the punishment of deprivation of liberty for term from 5 years, and up to AUD $250,000 fine.

Please, mind that both your personal identities and location are well identified, and criminal case can be opened against you in course of 96 hours as for commission of crimes per above Articles. Criminal case can be submitted to court.

However, pursuant to Amendments to Commonwealth of Australia criminal law dated july 10, 2013, and according to Declaration on Human Rights, your disregard of law may be interpreted as unintended (if you had no incidents before) and no arraignment will follow. However, it is a matter of whether you have paid the fine of the Treasury (to the effect of initiatives aimed at protection of cyberspace).
The penalty set must be paid in course of 48 hours as the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.

Amount of fine is AUD $100. You can settle the fine with Ukash vouchers.

As soon as the money arrives to the Treasury account, your computer will be unblocked in course of 24 hours.

Then in 7 day term you should remedy the breaches associated with your computer. Otherwise your computer will be blocked up again and criminal case will be opened against yourself (with no option to pay fine).

Please mind that you should enter only verified pass of vouchers and abstain from caching out of vouchers once used for the fine payment. If erroneous pass were entered, or if attempt was made to cancel vouchers after transaction then, apart from above breaches, you will be charged with fraud (Article 377 of Commonwealth of Australia criminal law, 1 to 3 years of imprisonment) and criminal case will be opened.

Copyright Alliance
Internet Police Department
Cyber Crime Investigations – Corporate Theft Analysis Experts
Cyber Crime Unit
Under supervision of Ministry of Interior, Interpol, Copyright Alliance, International Cyber Security Protection Alliance.

How does the malware infect computers?

Ransomware can be distributed in several ways, such as torrents, exploit kits, emails, etc. If you have good browsing habits, you’re less likely to pick up a malware infection because you’re more cautious when online. Developing better habits is a great way to avoid malware in the future.

Being able to recognize malicious emails is a good skill to have as emails that contain malware are quite common. Users whose email addresses have been previously compromised are particularly vulnerable to receiving malicious emails.

In many cases, malicious emails will be very generic and quite easy to recognize. For example, these emails often contain numerous grammar and spelling errors while attempting to impersonate legitimate correspondence from various companies.

Be cautious of emails that use generic words like “User,” “Member,” or “Customer,” when referring to you as this can indicate spam or malicious intent. Reputable companies typically address their customers by name in their emails to create a more personal feeling. Cybercriminals often rely on generic words because they usually lack access to more personal information besides an email address. If you receive an unsolicited email with a generic greeting, especially one that includes an attachment, be careful—it could contain malicious content.

It’s also important to note that targeted emails can be much more sophisticated. These emails generally have no spelling or grammatical errors, include credible details, and address the recipient by name. Therefore, it’s wise to always scan unsolicited email attachments with anti-malware software or services like VirusTotal.

Moreover, malware is frequently distributed through torrents. Many torrent sites are poorly regulated, allowing malicious actors to upload torrents that contain malware. Typically, malware is hidden in torrents for entertainment content like movies, television shows, and video games. Downloading copyrighted materials through torrents is not only illegal but also puts your computer’s security at risk.

Is it a real screen lock shown by Australian police?

This warning is quite obviously not shown by the Australian Communications and Media Authority, not by Australia’s Crime Commission, and not by the Royal Australian Corps of Military Police. It goes without saying that law enforcement agencies do not lock users’ screens and offer to just pay a fine when they commit a crime, particularly if they commit something as serious as watching/distributing child abuse videos. The idea that someone could get away with paying a fine for child pornography distribution is completely ridiculous as it’s a very serious crime.

These lock screens claiming to be from law enforcement agencies are never legitimate. They are shown by a ransomware infection, not by a law enforcement agency.

ACMA ransomware removal

To remove ACMA ransomware, you need to use an anti-malware program. It’s a serious malware infection and requires a professional program to remove it. However, to bypass the lock screen and use your anti-malware program, you need to boot your computer in safe mode. We don’t recommend trying to delete ACMA ransomware manually because you could end up causing even more damage to your device.