DotFab Blog » News»Urausy Ransomware Hits the World Again

Urausy Ransomware Hits the World Again


A new wave of lock screen ransomware recently springs up and threats computer users in countries like New Zealand (New Zealand E-crime Lab virus), Canada (Ministry of Public Safety Canada virus), Australia (Australian Communications and Media Authority virus), the United Kingdom (Serious Organised Crime Agency virus) and the United States (Mandiant U.S.A. Cyber Security virus). These ransomware are part of the Trojan/Urausy ransomware family which is similar to Trojan/Reveton ransomware.


Urausy Ransomware work alike—prevent you from using your computer by displaying a full screen image or webpage purportedly from the local authorities, and ask for payment in the form of a “fine” to regain access and to avoid prosecution. It makes use of free online service to identify your IP in order to scam on innocent users and get their location. It is harder and harder to handle Urausy ransomware, because its author has crafted it to encrypt files on victims’ computer or delete all the restore points.

The screenshot of the fake notification displayed by Urausy ransomware:

Urausy ransomware



The symptoms of being infected by Urausy ransomware:


Ⅰ. Urausy ransomware will block you out of the Windows operating system and all the applications on the infected computer.

Ⅱ. You get a lock screen image titled with “Attention! Your computer has been blocked up for safety reasons listed below” instead whenever you try to boot your computer into Windows operating system or Safe Mode.

Ⅲ. In the fake notification it displayed, it claims that illegal online activities have been detected in your computer, so you have to pay a none-existing fine ($100, $200, $300 etc.) via Ukash/Greendot MoneyPak/MoneyGram/paysafecard vouchers within 48 hours to unlock your computer, otherwise you will be accused.

Part of the common message displayed in those fake notifications:

Your computer has been blocked for safety reasons listed below.
You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of Commonwealth of Australia criminal law.
Also, you are suspected of violation of “Copyright and Related rights Law” (downloading of pirated music, video, warez) and of use use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of Commonwealth of Australia Criminal Law.

The penalty set must be paid in course of 48 hours as of the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.

As soon as the money arrives to the Treasury account, your computer will be unblocked in course of 24 hours.
Then in 7 day term you should remedy the breaches associated with your computer. Otherwise your computer will be blocked up again and criminal case will be opened against yourself (with no option to pay fine).

Ⅳ. Chances are that even if you are lucky enough to restart your computer to Safe Mode successfully, you will just find that all the restore points are deleted.

Even if it exploits the names and logos of various local authorities, you should be aware that it is a scam and this bogus notification has nothing to do with these authorities. You should never pay the ransom as it requested, for the cyber criminals will not unlock your computer even you pay the money. On the contrary, this may put your personal information at risk.



How Does Urausy Ransomware Get on a Computer?


Urausy ransomware can infect a computer in various ways. In most instances, it is performed via drive-by download or Trojan horse that are placed on malicious or compromised websites. When you visit such websites, it will be downloaded automatically and then exploits the vulnerabilities in the Windows operating system or the applications on your computer to get itself installed.

Cyber criminals use spam emails to distribute Urausy ransomware, too. Usually, the infected attachments containing in such emails are the executable program for Urausy ransomware. The links in such emails leads you to the malicious or compromised websites mentioned above.


How to Avoid Being Infected by Such Virus?


1. Keep the Windows operating system and all the software on your computer up-to-date, and patch the system vulnerabilities timely when prompted.


2. Protect your computer with up-to-date security software. Work along with your installed antivirus solution, antimalware program, Anvi Smart Defender, can provide an additional layer of protection to your computer. The Full Guard function puts your computer under real-time protection and keeps you away from malware and malicious websites.

Anvi Smart Defender download link:

Anvi Smart Defender purchase link:


3. Be careful when surfing the Internet and keep an eye on the links and pop-ups before you click on them. You are strongly recommended to turn on the security features of IE, Firefox and Chrome. Or, you may make use of Anvi Ad Blocker to create a clean online environment. It is available for free if you are an Anvi Smart Defender pro version user.

Anvi Ad Blocker trial download link:

Anvi Ad Blocker purchase link:


4. Don’t click on links or open attachments from untrusted sources.


5. Apart from the above aspects, you’d better regularly perform a backup of your important files.


How to Remove Urausy Ransomware?


If you are unfortunately infected by Urausy Ransomware, you can try to remove it using Anvi Rescue Disk. Please go to How to Remove Ransomware Using Anvi Rescue Disk for tutorial.