Remove Australian Communications and Media Authority (ACMA) ransomware

ACMA ransomware refers to a screen-locker ransomware that locks users’ screens and displays a fake law enforcement message. In this particular case, the screen locker message is supposedly shown by the Australian Communications and Media Authority (ACMA), Australian Federal Police (AFP), Australian Crime Commission (ACC), and Royal Australian Corps of Military Police (RACMP). Supposedly, the reason your screen was locked by authorities was that you have violated several laws, such as the distribution of child pornography. The contents of the screen locker are completely fake. And your screen was not locked by law enforcement but rather by a ransomware infection.

 

 

Ransomware that locks users’ screens to display fake law enforcement messages was very common some years ago but is now encountered quite rarely. Instead, users now have to deal with ransomware that encrypts files and essentially takes them hostage. These screen lockers are significantly easier to deal with because they don’t encrypt users’ files, just lock users’ screens.

This particular screen lock is supposedly shown by Australian law enforcement agencies, including the Australian Communications and Media Authority (ACMA), Australian Federal Police (AFP), Australian Crime Commission (ACC), and Royal Australian Corps of Military Police (RACMP). While this particular screen-locker malware targets users in Australia, there are hundreds of other versions, tailored to other countries’ users.

According to the text on the screen, a criminal case is being built about your illegal online activities, specifically watching/distributing child pornography, zoophilia, and rape videos, as well as downloading copyrighted content. Furthermore, there was supposed unauthorized access and State-importance information theft originating from your device. According to the text, you have 48 hours to pay a fine of AUD 100 to avoid being charged with all the mentioned crimes.

The text in these fake law enforcement messages is usually written in a way that causes users as much anxiety as possible to force them to behave rashly. If users read the entire message with a clear head, they would realize how ridiculous the whole thing sounds. The idea that someone who watches and/or distributes highly illegal pornography videos would avoid charges by simply paying a fine is ridiculous. Law enforcement agencies also do not remotely lock users’ screens when they suspect them of committing crimes.

For future reference, not only is this screen lock a scam, but all others are too. Paying anything would be a complete waste of money.

The full text from the Australian Communications and Media Authority (ACMA) ransomware screen is below:

Australian Communications and Media Authority (ACMA)
AFP. Crime Commission (ACC)
Royal Australian Corps of Military Police (RACMP)

ATTENTION!
Your computer has been blocked for safety reasons listed below.

You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of Commonwealth of Australia criminal law.

Article 161 of the Kingdom of Australia criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.

Also, you are suspected of violation of “Copyright and Related rights Law” (downloading of pirated music, video, warez) and of use use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of Commonwealth of Australia criminal law

Article 148 of Commonwealth of Australia criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.

It was from your computer, that unauthorised access has been stolen to information of State importance and to data close for public Internet access.

Unauthorised access could have been arranged by yourself purposely on mercenary motives, or without your knowledge and consent, provided your computer could have been affected by malware. Consequently, you are suspected – until the investigation is held – of innocent infringement of Article 215 of Commonwealth of Australia criminal law (“Law on negligent reckless disregard of computers and computer aids”).

Article 215 of Commonwealth of Australia criminal law provides for the punishment of deprivation of liberty for terms from 5 to 8 years and/or up to AUD $100,000 fine.

Further after information of your personal computer was examined, it was found that your personal computer has been regularly used for bulk-spamming either arranged by yourself purposely on mercenary motives, or with ought your knowledge and consent, provided your computer could have been affected my malware. Bulk-spamming is a way to disseminate malware of banned pornography. Consequently you are suspected – until the investigation is held – of innocent infringement of Article 301 of Commonwealth of Australia criminal law (“On bulk-spamming and malware (virus) dissemination”).

Article 301 of Commonwealth of Australia criminal law provide for the punishment of deprivation of liberty for term from 5 years, and up to AUD $250,000 fine.

Please, mind that both your personal identities and location are well identified, and criminal case can be opened against you in course of 96 hours as for commission of crimes per above Articles. Criminal case can be submitted to court.

However, pursuant to Amendments to Commonwealth of Australia criminal law dated july 10, 2013, and according to Declaration on Human Rights, your disregard of law may be interpreted as unintended (if you had no incidents before) and no arraignment will follow. However, it is a matter of whether you have paid the fine of the Treasury (to the effect of initiatives aimed at protection of cyberspace).
The penalty set must be paid in course of 48 hours as the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.

Amount of fine is AUD $100. You can settle the fine with Ukash vouchers.

As soon as the money arrives to the Treasury account, your computer will be unblocked in course of 24 hours.

Then in 7 day term you should remedy the breaches associated with your computer. Otherwise your computer will be blocked up again and criminal case will be opened against yourself (with no option to pay fine).

Please mind that you should enter only verified pass of vouchers and abstain from caching out of vouchers once used for the fine payment. If erroneous pass were entered, or if attempt was made to cancel vouchers after transaction then, apart from above breaches, you will be charged with fraud (Article 377 of Commonwealth of Australia criminal law, 1 to 3 years of imprisonment) and criminal case will be opened.

Copyright Alliance
Internet Police Department
Cyber Crime Investigations – Corporate Theft Analysis Experts
Cyber Crime Unit
Under supervision of Ministry of Interior, Interpol, Copyright Alliance, International Cyber Security Protection Alliance.

How did a screen-locker ransomware infect your computer?

The Australian Communications and Media Authority (ACMA) ransomware can infect computers through various means such as email attachments, system vulnerabilities, and torrent downloads. Users who have safe online habits are much less likely to encounter infections than those who open unknown attachments or click on suspicious links, as well as those who engage in downloading pirated content. To avoid malware infections in the future, it’s important to develop good online habits.

One of the primary ways serious threats like ransomware are distributed is through email attachments. Therefore, all unsolicited email attachments should be scanned using an anti-virus program or a service like VirusTotal before being opened. Cybercriminals often disguise malware-carrying emails as order confirmations or delivery notifications, prompting users to open them even if they haven’t made recent purchases.

Furthermore, downloading copyrighted content through torrents can also lead to infections. It’s common for torrent sites to be poorly moderated, which enables malicious users to upload files that may contain malware. Malware can commonly be found in torrents for popular entertainment, including movies, TV shows, and video games. Consequently, not only is downloading pirated content illegal, but it also poses a risk to your computer’s security.

Lastly, it’s important to emphasize that neglecting to regularly install software and system updates can leave your device vulnerable to various exploits. To safeguard your device, it’s highly advisable to apply updates as soon as they are released, as these updates fix known security vulnerabilities, which can be misused by malicious actors.

How to remove Australian Communications and Media Authority (ACMA) Ransomware

Ransomware, whether it’s a screen-locker or a file-encrypting version, requires an anti-malware program to remove. Thus, do not attempt to remove Australian Communications and Media Authority (ACMA) ransomware manually as you could end up causing additional damage to your computer. To be able to use your anti-virus program, you first need to bypass the screen lock. You can do that by booting your computer in Safe Mode. Once your computer boots in Safe Mode, launch your anti-virus program and remove Australian Communications and Media Authority (ACMA) ransomware from your computer.