Urausy police ransomware, also commonly called the “police virus” or the “FBI virus,” was one of the first police ransomware Trojans initially released in Australia. Since its release, Urausy ransomware has been known to infect computers throughout Europe including countries like Greece, Norway, and Ireland.
This unique type of ransomware first determines where its intended victims are located. Then, based on this region or country, it downloads a variation of the general Trojan that matches the victim’s location. Once this has been accomplished, the Urausy ransomware then creates false notices supposedly from a police force that corresponds to the victim’s location. Often, the message sent to the victim will be written in the determined region’s main language. The notice sent to the victim appears to be from a local police agency, and at the very top of the notice, the country or region’s flag is displayed in a header or banner-like fashion. Along with the flag is the name of the region’s police force and the police force’s emblem.
The supposed police notice created by the ransomware accuses the victim of illegal activity—for example, possessing and distributing some sort of pornography on the infected computer or violating copyright laws by illegally distributing copyrighted materials (such as music or software). The Urausy ransomware then locks the user’s computer files, rendering them inaccessible to the user unless the user pays a fine. To pay this fine, the victim is instructed to use a payment service that may also vary based on the victim’s location. Such payment services include MoneyPak, Ukash, or Paysafecard. In all international versions of the virus, the notice includes a list of places where the victim may go to purchase or use this payment service. Once the victim pays this fine, the infected computer will supposedly be unlocked a certain number of hours after the police force receives the money.
Unfortunately, however, paying the ransom does not always allow victims the ability to access their files again. Experts recommend that victims of this ransomware remove it and to never pay the ransom or otherwise enter any other personal information into the lock screen. It is also recommended that victims of Urausy infection backup any important personal files before removing the ransomware.
Many of the different types of police ransomware spreading across North and South America, such as the Department of Homeland Security ransomware and the FBI’s Internet Crime Complaint Center ransomware, are variations of the Urausy police ransomware.
