The Ministry of Public Safety Canada Ransomware is part of the Troj/Urausy Ransomware family of computer infections that target computers in Canada. When installed this ransomware you show a lock screen that requests a ransom of CAD $100 before you can access your Windows desktop. This lock screen pretends to be from the Ministry of Public Safety Canada, Canadian Association of Chiefs of Police, and Interpol and was placed because your computer has been involved in illegal cyber activity related to pornography and copyrighted content. This activity supposedly includes the distribution of pornography, copyrighted files, or computer viruses. It goes on to state that you need to pay a fine in the amount of CAD $100 within 48 hours or you will face legal prosecution. It is important to note that this is a computer virus and that you are not actually being targeted by these agencies so please do not pay the ransom.
When you are locked out of Windows you will be shown a screen that contains the following text:
Ministry of Public Safety Canada
Canadian Association of Chiefs of Police
Your computer has been blocked for safety reasons listed below.
You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of Canada criminal law.
Article 161 of Canada criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Also, you are suspected of violation of "Copyright and Related rights Law" (downloading of pirated music, video, warez) and of use use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of Canada Criminal Law.
Article 148 of Canada criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.
It was from your computer, that unauthorized access had been stolen to information of State importance and to data closed for public Internet access.
<more fake legal threats>
The penalty set must be paid in course of 48 hours as of the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.
Amount of fine is CAD $100. You can pay a fine Ukash vouchers.
As soon as the money arrives to the Treasury account, your computer will be unblocked in course of 24 hours.
Then in 7 day term you should remedy the breaches associated with your computer. Otherwise your computer will be blocked up again and criminal case will be opened against yourself (with no option to pay fine).
As you can see, this is a computer infection and not a legitimate message from any Canadian government agency. Therefore, ignore anything it displays and instead use the removal guide below to remove this ransomware from your computer.
Your computer should now be free of the Ministry of Public Safety Canada Ransomware infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the licensed version of HitmanPro to protect against these types of threats in the future.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "shell" = "explorer.exe,%AppData%\cache.dat"
BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can ask for malware removal assistance in our Virus,Trojan,Spyware, and Malware Removal Logs forum.
If you have any questions about this self-help guide then please post those questions in our Am I infected? What do I do? and someone will help you.