How to remove the Mac Royal Canadian Mounted Police virus – Ransomware removal

Mac OS X Royal Canadian Mounted Police virus

The Mac OS X Royal Canadian Mounted Police virus, otherwise known as the Mac Canadian Police virus or Mac Gendarmerie Royale virus is dangerous malware categorized as ransomware that blocks access to a Mac computer system by displaying a full screen Apple Safari or Google Chrome browser window (page) that fraudulently claims to contain a message from the Royal Canadian Mounted Police and other departments of the Canadian Government. The fraudulent message might appear to be introduced from rcmp.gc.ca and details that “your browser has been blocked, all activities of this computer have been recorded. All your files are encrypted” and goes on to detail that the infected computer was used illegally; in cyber crimes involving the viewing or distribution of prohibited pornography contents and/or the distribution of copyrighted materials, among others. The claims made on the fake Royal Canadian Mounted Police browser window go on to detail that if a penalty fine is not made in an allotted amount of time the computer owner may see jail time.

Mac Royal Canadian Mounted Police virus

The claims and details on the Mac Royal Canadian Mounted Police page are false, you are not in trouble with the police, and your computer never visited the actual government website. This is a common, but very severe computer virus that is in not associated with the government of Canada or another country. Paying the fraudulent penalty fine will not remove this computer virus and is not necessary.

If you Mac OS X (Apple) computer is infected with this computer virus do not pay the fine. Removing this infection is quite simple and does not essentially require third-party software. Mac Royal Canadian Mounted Police removal instructions are further below.

Ransomware infections on Mac systems are quite new. In 2012 we first discovered the FBI virus and the PC version of the Royal Canadian Mounted Police virus affecting Windows Operating Systems and in 2013 the senior researcher at Malwarebytes discovered the Mac/Apple version listed here. The difference between the cross platform infections is that the Macintosh version only restricts access using a browser window, which is quite easy to bypass as the window has a limit of 150 iframes (clicking out of the window 150+ times will remove the lock-window). The PC version utilizes trojan horses and blocks an entire computer system, as well as infects a computer with undetected payloads meant to collect and distribute user information. What’s similar is that these ransomware infections do not function properly without internet connection.

The primary objective of this infection is to extort money by masquerading as the Canadian Mounted Police. The harvesting of user information has not been reported and does not seem to be an issue concerning this infection, though malicious websites may track user activity.

How does the Mac Canadian Police virus infect a computer?

The Mac OS X Canadian Police virus and similar malware can be contracted by visiting compromised websites, mostly relating to media content such as torrents, streaming videos, pornography, and file sharing. The allegations brought by this Mac browser-lock virus may seem relative to the point of intrusion though this infection can also be introduced by other means.

How to remove Apple ransomware (Mac OS X)

The Mac Canadian Police virus attacks popular internet browsers using the Macintosh Operating System, including Apple Safari and Google Chrome, though Chrome has updated their browser to defeat this infection (*Update Google Chrome to avoid this infection). Clearing browser data and disabling java on affected internet browsers will remove the browser lock, however disabling Java is not always recommended. This ransomware does not install additional malware or cause additional privacy invading issues. To remove the Mac Canadian Police virus from Mac computers and other forms of ransomware please use the instructions below:

Safari Internet Browser:

1. Open Safari. Select Safari from the top menu and click Reset Safari.

remove mac ransomware

2. A screen will appear that says “Are you sure you want to reset Safari?” Make sure all items on the list are selected (history, reset top sites, etc.),  and click the Reset button.

reset Safari

For video instruction to remove Mac OS X ransomware please see below:

 

Helpful Links:


Sean Doyle

http://Botcrawl.com

Sean Doyle is an engineer from Los Angeles, California. Sean's primary focuses include Internet Security, Web Spam, and Online Marketing.