The reputable name of the United States Department of Justice has been disgracefully exploited in cybercrime schemes since late May 2013. Scammers ventured to launch a campaign involving ransomware distribution, stating that it’s being done on behalf of the above-mentioned federal executive department. What happens is users get infected with a piece of malicious software known as Reveton that locks them out of Windows and displays a warning before the operating system gets a chance to launch, reading: “The work of your computer has been suspended on the grounds of the violation of the law of the United States of America”. More precisely, the virus wrongfully accuses the affected user of such crimes as spreading pornography involving children, copyright violation, or the use of unlicensed software, each one of which supposedly implies a certain term of imprisonment.
Pretending to act merciful, the fraudsters then suggest a ‘compromise’ which presupposes that the victim pays a fee of $300 for unblocking the machine without further criminal prosecution. To pay this fine, the user needs to submit a 14-digit code from a MoneyPak voucher which ought to be purchased in one of the stores or shops ‘kindly’ listed by the bad guys on the lock page.
Considering that the Department of Justice ransomware hasn’t got a single hue of legitimacy, it’s definitely not right to give in to the criminals by paying the fee. Moreover, doing so may actually restore Windows access, but it surely won’t rid you of the malware that’s inside. This is why it’s obviously most judicious to make the effort to remove this nasty infection instead of falling for the scam. Based on the outcomes of our testing, there exist a number of methods to completely eliminate this particular virus. This article will assist you in performing system cleanup so that no traces of the malicious code remain afterwards.
We came across two versions of this malware, both of which use the same Trojan for infection and differ only in a few graphical elements of the lock screen, such as an additional red-color notifier in the top left-hand part and the field for the victim’s IP address, provider and location shown over to the right. You can view screenshots of both lock pages below.
As we have mentioned, this cyber threat makes the infected computer inoperable by preventing Windows from loading. There also exist a few more consequences of the ransomware running on your machine:
Neither removal with regular security utilities nor manual cleanup proves effective, due to peculiar features of this ransomware infection. Extermination of this malware thus needs to be performed in a different way, involving a special type of software and some skills, which we can teach you.
After extensively analyzing this malware, we came up with several removal methods that proved to be the most effective for complete removal of the United States Department of Justice virus from any contaminated system.
For completing this cleanup procedure, you will need a USB drive from which to launch the removal software. Please note that all data on this USB drive will be lost, so make sure you back it up before proceeding.
• Download the HitmanPro software to a computer that is not affected by the virus and save it to your Desktop. Before performing the download, be sure to select the version matching the bitness of your Windows operating system (32- or 64-bit).
• Plug in the USB drive that you are going to use for installing HitmanPro.Kickstart. Having inserted the thumb drive, double-click on the HitmanPro icon on your Desktop. The program’s main window will appear. Please click on the kicker button as indicated by the red arrow on the screenshot below.
• You will now see a window that will guide you all the way through creating the HitmanPro.Kickstart USB flash drive. Select the right USB drive by clicking on it in the corresponding field, and click the Install Kickstart button.
The software will ask you whether the USB drive contains any important files (all of them will be erased). If there are none, click Yes on the alert. This will automatically initiate the install process. When it completes, click the Close button.
• Remove the USB drive and insert it into the computer infected with the Department of Justice virus.
• When it is inserted, turn off the infected PC and switch it back on. As the computer begins to start, take a good look at the boot screen to find the key that should be pressed for accessing the Boot Menu or BIOS Setup. Please note that these keys may differ between computer models. For entering the Boot Menu, those are mainly the F10, F11, F12 or Esc keys. The ones for BIOS Setup are usually Del or F2.
Having figured out the appropriate key for Boot Menu access, reboot and start hitting that key repeatedly as the PC begins to load. When in the Boot Menu, use its prompts to select the drive you want to boot your computer from, i.e. the USB drive.
• Now your PC will boot from the USB drive and load the HitmanPro.Kickstart saved to the memory stick. You will see a screen requesting you to choose USB Boot Options.
You should press 1 as your choice. Doing so will be followed by Windows starting to load.
• Right after Windows launches, the counterfeit Department of Justice lock screen will appear as it did before, but within 15-20 seconds the HitmanPro main console will pop up on top of it.
Please click Next on the program’s GUI.
• On HitmanPro’s setup screen that appears, we recommend leaving the default installation settings as shown on the following screenshot:
Please click Next.
• SurfRight HitmanPro will now start a virus scan. Having completed the scan, the utility will come up with a report listing the detected threats.
• To get the spotted infections eliminated from your system, click Next. After the removal routine is complete, choose the Reboot option on the subsequent screen. Your computer will restart as usual. The Department of Justice MoneyPak virus is no longer affecting your system. If you are not certain your current antivirus can prevent such infections from getting through in the future, you might want to consider upgrading to the licensed version of HitmanPro.
This cleanup method allows restoring your operating system to the time period when it was not contaminated with the Department of Justice virus. This procedure will not lead to loss of any files. To perform system restore, please stick to the following steps:
• When the infected computer is starting to load, tap F8 on your keyboard repeatedly to open up Windows Advanced Options Menu. When on this screen, use the arrow keys to highlight Safe Mode with Command Prompt, and hit Enter.
• Once the Command Prompt screen opens, type explorer and press Enter. Be advised that this needs to be done quickly (within 2-3 seconds); otherwise the Department of Justice virus will not allow you to type anymore and you will have to start the process over.
• In Windows Explorer, browse to the following path:
On Windows XP: C:\windows\system32\restore\rstrui.exe and hit Enter
On Windows Vista / 7: C:\windows\system32\rstrui.exe and hit Enter
• Using the System Restore prompts, get your system restored to the date when it was unaffected by the malware.
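The System Restore steps above are carried out through the rstrui.exe wizard. As an added example that is not part of the original article, the following Windows PowerShell script does the same selection from a prompt: it lists the restore points created before the date the lock screen first appeared and, only when asked, rolls back to the newest of them. It assumes Windows PowerShell as shipped with Windows 7 (or later) running in an elevated session; the cmdlets Get-ComputerRestorePoint and Restore-Computer are standard, the -InfectedOn default value is a constructed placeholder.

```powershell
# Added example (not from the original article): pick a System Restore point that
# predates the ransomware and optionally roll back to it.
# Assumptions: Windows PowerShell with the Microsoft.PowerShell.Management cmdlets,
# run from an elevated prompt. The default infection date is a constructed placeholder.

param(
    # Date the lock screen first appeared (constructed placeholder; adjust to your case)
    [datetime]$InfectedOn = (Get-Date).AddDays(-3),
    # Set this switch to actually perform the restore; without it the script only lists candidates
    [switch]$Restore
)

# CreationTime on the restore point objects is a DMTF (WMI) timestamp string,
# so convert it to a [datetime] before comparing it with the infection date.
$points = Get-ComputerRestorePoint | ForEach-Object {
    [pscustomobject]@{
        SequenceNumber = $_.SequenceNumber
        Description    = $_.Description
        Created        = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
    }
}

# Only points created before the infection are safe candidates; newest first.
$candidates = @($points | Where-Object { $_.Created -lt $InfectedOn } |
    Sort-Object Created -Descending)

if ($candidates.Count -eq 0) {
    Write-Host "No restore points older than $InfectedOn were found."
    return
}

Write-Host "Restore points created before $($InfectedOn):"
$candidates | Format-Table SequenceNumber, Created, Description -AutoSize

if ($Restore) {
    $target = $candidates[0]
    Write-Host "Restoring to restore point #$($target.SequenceNumber) from $($target.Created) ..."
    # Restore-Computer reboots the machine to apply the restore point; -Confirm asks first.
    Restore-Computer -RestorePoint $target.SequenceNumber -Confirm
} else {
    Write-Host "Re-run with -Restore to roll back to the newest candidate, or launch rstrui.exe and choose it by hand."
}
```

Run it first without -Restore to see which points qualify; the list is the same one the rstrui.exe wizard offers, so you can use either path to complete the restore. As with the manual steps, restoring reboots the machine, so save anything open before confirming.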