The Department of Justice Ransomware [Removal Guide]

The Department of Justice ransomware is a computer infection that displays a fake notification that pretends to be from Department of Justice and does not allow you to access your Windows desktop until you pay a ransom. This ransomware pretends also that the Departement of Justise has detected that you have been viewing child pornography, using unlicensed software, or sharing copyrighted files. They further state that in order to avoid criminal prosecution you must pay a fee of $300 in the form of a MoneyPak voucher within 48 hours to gain access to your computer again.

The United States Department of Justice Ransom will display the following message on your screen.

The Department of Justice ransomware

The United States Department of Justice
The work of your computer has been suspended on the grounds of the violation of the law of the United States of America.

Possible violations described below:

Article – 184 Pornography involving children (under 18 years)
Imprisonment for the term of up to 10-15 years
(The use or distribution of pornographic files)

Article – 171 Copyright
Imprisonment for the the term of up to 2-5 years
(The use or sharing of copyrighted files)

Article – 113 The use of unlicensed software
Imprisonment for the term of up to 2 years
(The use of unlicensed software)

Amount of fine is $300. Payment must be made within 48 hours after the computer blocking. If the fine has not been paid, you will become the subject of criminal prosecution without the right to pay the fine. The Department for the Fight against Cyberactivity will confiscate your computer (After 48 hours).

ALL ILLEGAL ACTIVITIES CONDUCTED THROUGH YOUR COMPUTER HAVE BEEN RECORDED IN THE POLICE DATABASE, INCLUDING PHOTOS AND VIDEOS FROM YOUR CAMERA FOR FURTHER IDENTIFICATION. YOU HAVE BEEN REGISTERED FOR VIEWING PORNOGRAPHY INVOLVING MINORS.

AN ATTEMPT TO UNLOCK THE COMPUTER BY YOURSELF WILL LEAD TO THE FULL FORMATTING OF THE OPERATING SYSTEM.
ALL FILES, VIDEOS, PHOTOS, DOCUMENTS ON YOUR COMPUTER WILL BE DELETED.

To unlock your computer and to avoid legal consequences, you are obligated to pay a release fee of $300.

The Department of Justice – virus removal

Please download HitmanPro to your desktop.
Press this link for the complete “User Manual” for HitmanPro.Kickstart.

Launch the program by double clicking on HitmanPro.exe. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
Click on the “HitmanPro.Kickstart” button to create a bootable USB-stick with HitmanPro.Kickstart
Now insert the USB flash drive that will be used to write the HitmanPro.Kickstart files to.
- As soon as one or more USB flash drives are detected, a selection screen will be presented.
Now select the USB flash drive on which you want to place the HitmanPro.Kickstart files and press the button Install Kickstart.
Important! Be aware that that all contents of the selected flash drive will be erased before the HitmanPro.Kickstart files are written.
If you press the ‘Yes’ button now, the selected USB flash drive will be formatted and all necessary HitmanPro.Kickstart files will be retrieved from the HitmanPro servers and written to the flash drive
Once the process is completed you can now remove the USB flash drive from the PC and use it to remove the malware from a ransomed PC.

Now insert the HitmanPro.Kickstart USB flash drive into a USB port of the ransomed PC and start the PC.
During the startup of the PC, enter the (BBS) Bios Boot Selector menu and select the USB flash drive that contains HitmanPro.Kickstart to boot from.
- If it’s not possible to enter the BBS go into the BIOS and set the USB option as your first boot-device by the boot-sequence.
The default way to boot is option 1, which skips the master boot record of your hard drive. If you do not press any key, the process will continue after 10 seconds using the default boot selection.
If you see a logon screen you can either select a user and logon, or if you wait approximately 15 seconds, HitmanPro will be started on your Windows logon screen.
Click on the next button. You must agree with the terms of EULA.
Check the box beside “No, I only want to perform a one-time scan to check this computer“.
Click on the next button.
The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
Click on the next button and choose the option activate free license
Click on the next button and the infections where will be deleted.
Click now on the Save Log option and save this log to your desktop.
Click on the next button and restart the computer.