United Kingdom Police scam (Cheshire Police Authority Ransomware)

The United Kingdom is currently attacked by a virus that is considered by some persons to be associated with Police Central E-Crime Unit (PCEU). However, this decent law-enforcement body of Great Britain has nothing to do with this scam. Some think this police alert is associated with Metropolitan Police. This is a wrong idea as well. The virus contains the logos of these above-said UK’s agencies and right-protecting organizations, including the names and the logos of Cheshire Police Authority and EC3 Europol and even ICSPA (International Cyber Security Protection Alliance). Yet, the truth that we know about this malware is that it is the direct product of cyber frauds, the authors of many other ransomware lockers of Urausy and Reveton virus families. So, to say “United Kingdom Police scam”, or “United Kingdom Police virus” isn’t really correct. Similar, to speak of Cheshire Police Authority as a virus is a wrong understanding of the problem as well. Yet, this is the exact way how some users make their inquiries in the search engines, after their systems got locked with a serious ransomware developed by the group of online frauds and really instrumental hackers. Here is how the fake United Kingdom Police warning looks like in reality:

United Kingdom Police virus

So, what happens after PCEU fake warning gets into attacked computer? Quite a horrible sequence of events, in fact. First, the entire desktop gets locked with a fake warning supposedly coming from United Kingdom Police (Cheshire Police Authority). Obviously, this is a trick of hackers to make users really scared. Why do they get scared, by the way? Well, primarily because their screen gets utterly blocked and they can’t do anything they want or need to. Furthermore, the fake PCEU warning accuses users of performing various crimes online through their computers, and this is how the ransomware explained the reason why the PC got blocked. Obviously, this scareware has another mission in mind. It clearly states that in order to have the computer unlocked user must pay the fine, supposedly in favor of the State. Yet, the truth is that this ransomware is the direct way how hackers earn unfair money by tricking users and ripping them off. The virus instructs users to pay the fine equal to £100 through Ukash or Paysafecard payment systems. Obviously, if you do so, you will never get your money back. So, never act as the ransomware tells you to act. Don’t obey the fraudulent instructions of cyber crooks.

United Kingdom Police scam belongs to the Urausy virus family. It might be that there will be some other malware modifications with similar design. We’ve been able to catch this virus and test it on our computer. Luckily, we’ve found several ways of how it can be removed and how the desktop can be unlocked. Please first of all refer to our recommended malware removal methods. If they don’t work, then try the alternative removal solution through System Restore.

Recommended removal guides to remove ransomware from your computer:

Cheshire Police Authority scam removal video (through System Restore method):

Direct ransomware removal guide with System Restore method explained:


Quotation from virus locker:

Cheshire Police Authority
United Kingdom Police
Police Central e-crime Unit
Attention! Your PC is blocked due to at least one of the reasons specified below.
You have been violating “Copyright and Related Rights Law» (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Great Britain.
Article 128 of the Criminal Code provides for a fine of 200 to 500 minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing or distributing prohibited Pornographic content (Child Porn/Zoophilia and etc). Thus violating article 202 of the Criminal Code of Great Britain.
Article 202 of the Criminal Code provides for a deprivation of liberty for 4 to 12 years.
Illegal access to computer data has been initiated from your PC, or you have been…
Article 208 of the Criminal Code provides for a fine of up to £100,000 and/or a deprivation of liberty for 4 to 9 years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law On Neglectful Use of Personal Computer.
Article 210 of the Criminal Code provides for a fine of £2,000 to £8,000.
Spam distribution or other unlawful advertising has been effected from your PC as a profit-seeking activity or without your knowledge, your PC may be infected by malware.
Article 212 of the Criminal Code provides for a fine of up to £250,000 and a deprivation of liberty of up to 6 years. In case this activity has been effected without your knowledge, you fall under the above-mentioned article 210 of the Criminal Code of Great Britain.
Your personality and address are currently being identified, a criminal case is going to be initiated against you under one or more articles specified above within the next 72 hours.
Pursuant to the amendment to the Criminal Code of Great Britain of February 04, 2013, this law infringement (if it is not repeated – first time) may be considered as conditional in case you pay the fine to the State.
Fines may only be paid within 72 hours after the infringement. As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 72 hours I
The amount of fine is £100. You can pay a fine Ukash or PaySafeCard.
When you pay the fine, your PC will get unlocked in 1 to 72 hours after the money is put into the State’s account.
Since your PC is unlocked, you will be given 7 days to correct all violations.
In case all violations are not corrected after 7 working days, your PC will be blocked again, and a criminal case will be initiated against you automatically under one or more articles specified above.

3 Replies to “United Kingdom Police scam (Cheshire Police Authority Ransomware)”

  1. I had this and I run Linux with Firefox, that shouldn’t happen if this is a virus. I suspect it’s just a silly javascript trick. Before you do anything drastic try this, it worked for me.

    Minimise the Firefox page and open a second instance. Disable javascript, unfortunately Firefox have decided to remove this option from Preferences, so you’ll have to do it via about:config. Scroll down to javascript.enabled = true, double click it to toggle the value to false. Close that instance and go back to the original one. You should now be able to close the scam warning page. Reset javascript to true and it should be OK now.

  2. When removing the scam with hitman a file named dote3a8.gsa was identified as the ransomware file. it was in the c:\ProgramData\ sub directory.
    Don’t know if this would help.

Comments are closed.