The Mandiant U.S.A. Cyber Security Ransomware is part of the Troj/Urausy Ransomware family of computer infections that displays a lock screen when you start Windows that requires you to pay a ransom before you will be allowed to access your Windows desktop, applications, or files. This ransomware pretends to be a joint effort between Mandiant, the FBI, USA Cyber Crime Center, Department of Justice, and Interpol to block computers that have been involved in illegal cyber activity. This activity includes the distribution of pornography, copyrighted files, or computer viruses. It goes on to state that you need to pay a fine in the amount of $300 within 48 hours or you will face legal prosecution. It is important to note that this is a computer infection and you are not actually being targeted by these agencies
In order to send the ransom you will be required to purchase a MoneyPak or MoneyGram voucher at a store like Kmart, CVS, Walmart, or Walgreens and submit the voucher ID in the lock screen. The malware developers state that once they receive the money, they will automatically unlock your screen so that you can access your Windows desktop again. As this lock screen
is not a legitimate message from any government agency, please ignore it and continue reading the removal guide to remove this threat for free.
When you are locked out of Windows you will be shown a screen that contains the following text:
Mandiant U.S.A. Cyber Security
FBI. Department of Defense
U.S.A. Cyber Crime Center
Your computer has been blocked up for safety reasons listed below.
You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on
non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law.
Article 161 of United States Of America criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Also, you are suspected of violation of “Copyright and Related rights Law” (downloading of pirated music, video, warez) and of use use and/or dissemination of
copyrighted content. Thus, you are suspected of violation of Article 148 of United States of America Criminal Law.
Article 148 of United States of America criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.
It was from your computer, that unauthorized access had been stolen to information of State importance and to data closed for public Internet access.
<more fake legal threats>
The penalty set must be paid in course of 48 hours as of the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you. Amount of fine is $300. You can settle the fine with MoneyPak or MoneyGram xpress Packet vouchers. As soon as the money arrives to the Treasury account, your computer will be unblocked in course of 24 hours.
Then in 7 day term you should remedy the breaches associated with your computer. Otherwise your computer will be blocked up again and criminal case will be opened against yourself (with no option to pay fine).
Without a doubt, this is a computer infection and not a legitimate message from any government agency. Therefore, ignore anything it displays and instead use the removal guide below to remove this ransomware from your computer.
Contact ResolutionsMSP 877-827-2928 for help resolving any computers that have been infected from this virus.