United States Courts Ransomware

Posted: May 28, 2013

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	1/10
Infected PCs:	34

First Seen:	May 28, 2013
OS(es) Affected:	Windows

The United States Courts Ransomware is an illegal program that creates a fake anti-piracy warning while blocking your ability to access your desktop or other software. While the United States Courts Ransomware isn't affiliated with the US government and will display its alert no matter whether or not you happen to have used your PC to download files illegally, the United States Courts Ransomware's system-locking attack is perfectly real, and will prevent you from using your PC until you find a means of disabling the United States Courts Ransomware. Although the United States Courts Ransomware claims to have an unlock function that will come into play once you pay its fake legal fee, SpywareRemove.com malware analysts haven't seen any evidence of such a function, and recommend using well-worn anti-malware strategies and software to disable and remove the United States Courts Ransomware – without giving in to its ransom.

When Your File-Downloading Habits Come Back to Haunt Your PC

The United States Courts Ransomware joins the ranks of many similar Anti-Piracy Ransomware Trojans that base their attacks on the not-unlikely assumption that the compromised PC has been used to download copyright-protected media. SpywareRemove.com malware researchers also can point out the Stop Online Piracy MoneyPak Virus, the Fake FBI Anti-Piracy Warning, 'PRS for Music Your computer has been locked is a scam' Ransomware, the Windows Antipiracy Virus, SUISA Ransomware and the FBI PayPal Virus all as examples of very similar but unrelated Trojans. The United States Courts Ransomware and similar PC threats display legal warnings that claim to be from the US government or another law-enforcing institution, but actually are even more illegal than the piracy criminality that they allege your machine has been used to commit.

The United States Courts Ransomware's most identifiable symptom is its pop-up alert, which is designed to cover your screen and load with Windows itself. Other than being borderless and including fraudulent contents, the United States Courts Ransomware's pop-up is structurally the same as the United States Courts Ransomware includes a favorite of recent ransomware-based Trojans: a small sub-window that displays your webcam input, ostensibly to give an impression of the police 'overseeing' your activities.

Along with the pop-up and webcam attacks, the United States Courts Ransomware also blocks you from accessing the rest of Windows. This includes other programs that would be useful for identifying or removing the United States Courts Ransomware. The United States Courts Ransomware's pop-up informs you to pay a ransom to remove this system lockdown, but SpywareRemove.com malware researchers consider this highly unnecessary for getting the United States Courts Ransomware off of your PC.

The Anti-malware Combo That Will Send the United States Courts Ransomware Flying Out of Your Hard Drive

The United States Courts Ransomware and other forms of Piracy Ransomware Trojans are easily removable once they're disabled, but seek to lock your computer down so totally that you may think that paying the fraudulent 'legal' fine is your only option. SpywareRemove.com malware researchers never recommend that action, in part due to availability of methods such as USB flash drive-based boot techniques and Safe Mode features that allow you to disable PC threats like the United States Courts Ransomware, and in part due to the low probability of the United States Courts Ransomware ever actually unlocking your computer.

By working around the United States Courts Ransomware's startup exploit through methods like those described here, you can access Windows as usual, and from that vantage point take action to remove the United States Courts Ransomware. Deleting the United States Courts Ransomware is most easily, efficiently and safely accomplished with automated anti-malware software, as is true for most semi-advanced forms of malicious software.

Technical Details

Additional Information

The following URL's were detected:

greatsearchsport.com

The following messages's were detected:

#	Message
1	United States Courts YOUR COMPUTER HAS BEEN LOCKED Criminal Case NO. 4:12CV072011 Illegally downloaded material (MP3's, Movies or Software) has been located on your computer. By downloading or uploading, those files have been reproduced, thereby involving a criminal offense under 17 U.S.C.A. SS506(a) and 18 USCA SS2319 (2)(A)(B). (a) Whoever violates section 506(a) (relating to criminal offenses) of title 17 shall be punished as provided in subsection (b) of this section and such penalties shall be in addition to any other provisions of the title 17 or any other law. (b) Any person who commits an offense under subsection (a) of this section-- (2) shall be fined not more than $250,000 or imprisoned for not more than two years, or both, if the offense: (A) involves the reproduction of distribution, during any one-hundred-and-eighty-day period, or more than one ten but less than one hundred phono records or copies infringing the copyright in one of more sound recordings; or (B) involves the reproduction or distribution, during any one-hundred-and-eighty-day period, of more than two but less than sixty-five copies infringing the copyright in one or more motion pictures or other audiovisual works. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release of $300. Payable through GreenDot Moneypak. After successful payment, your computer will automatically unlock. Failure to adhere to this request will involve criminal charges and possible imprisonment. To perform the payment, enter the acquired GreenDot Moneypak code in the designated payment field and press the "Submit" button. Please note: This find may only be paid within 48 hours, if you left 48 hours pass without payment, the possibility of unlocking computer expires. In this case the criminal case against you will continue automatically. Your IP-Address: <ip address here> Your Hostname: <hostname here> You can be clearly identified by resolving your IP address and the associated hostname. All of your files have been encrypted, any attempt to unlock your computer by yourself, will result in loss of all your data. This program is maintained by the Administrative Office of the U.S. Courts on behalf of the Federal Judiciary.

Message

United States Courts
YOUR COMPUTER HAS BEEN LOCKED
Criminal Case NO. 4:12CV072011
Illegally downloaded material (MP3's, Movies or Software) has been located on your computer.
By downloading or uploading, those files have been reproduced, thereby involving a criminal offense under 17 U.S.C.A. SS506(a) and 18 USCA SS2319 (2)(A)(B).
(a) Whoever violates section 506(a) (relating to criminal offenses) of title 17 shall be punished as provided in subsection (b) of this section and such penalties shall be in addition to any other provisions of the title 17 or any other law. (b) Any person who commits an offense under subsection (a) of this section--
(2) shall be fined not more than $250,000 or imprisoned for not more than two years, or both, if the offense:
(A) involves the reproduction of distribution, during any one-hundred-and-eighty-day period, or more than one ten but less than one hundred phono records or copies infringing the copyright in one of more sound recordings;
or (B) involves the reproduction or distribution, during any one-hundred-and-eighty-day period, of more than two but less than sixty-five copies infringing the copyright in one or more motion pictures or other audiovisual works.
To unlock your computer and to avoid other legal consequences, you are obligated to pay a release of $300. Payable through GreenDot Moneypak. After successful payment, your computer will automatically unlock.
Failure to adhere to this request will involve criminal charges and possible imprisonment.
To perform the payment, enter the acquired GreenDot Moneypak code in the designated payment field and press the "Submit" button.
Please note: This find may only be paid within 48 hours, if you left 48 hours pass without payment, the possibility of unlocking computer expires.
In this case the criminal case against you will continue automatically.
Your IP-Address: <ip address here>
Your Hostname: <hostname here>
You can be clearly identified by resolving your IP address and the associated hostname.
All of your files have been encrypted, any attempt to unlock your computer by yourself, will result in loss of all your data.
This program is maintained by the Administrative Office of the U.S. Courts on behalf of the Federal Judiciary.