A new ransomware has been detected that infects users' computers, encrypts their files and extorts them for money in exchange for decryption. The ransomware is reported to display a misleading pop-up notification claiming that the computer has been locked because the user has committed online crimes. Users affected by the ransomware are advised NOT to pay the 5 BTC (Bitcoin) ransom and to remove the threat instead. If your important data has been encrypted, it is recommended to attempt restoring your files using alternative methods.
| Threat summary | MadLocker/DMA Ransomware |
|---|---|
| Short Description | The malware attacks users by encrypting their files and locking them out of their system. |
| Symptoms | The user may see a fake police-style message claiming that he/she has committed a cybercrime and must pay a "fee" in BTC (Bitcoin). |
| Distribution Method | Via malicious files or web links attached to e-mails or other messages. |
MadLocker/DMA Ransomware – How Did I Get Infected
If you have become a victim of this nasty cyber-threat, it may have happened in one of several different ways.
The most common method of infection by ransomware is malicious e-mail attachments or spam links shared via such messages. The user may encounter messages that look as if they were sent by a reputable organization, such as PayPal, eBay, BestBuy or Amazon. The message subjects may suggest that something is urgent, for example:
- Your account was suspended due to inactivity.
- Click here to accept incoming payment.
- Incoming file transfer.
- The documents for your gift card.
Such e-mails may contain attachments with commonly used file extensions such as .docx, .xml, .pdf or .jpg, or such files compressed in archives (.zip, .rar, etc.).
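The lure pattern described above (an urgent-sounding subject plus a document-looking attachment, possibly wrapped in an archive) is straightforward to triage at the mail gateway or in an incident-response script. The following is an added example, not code from the original article or from any vendor: the subject regexes are my own rendering of the four lure subjects listed above, the executable-extension list is an assumption, and only .zip archives are inspected (.rar would need a third-party library). The sample messages are constructed inline.

```python
"""Triage helper for the e-mail lure pattern described in the article.

Added example: flags messages whose subject matches the urgency lures
the page lists and whose attachments are executables, scripts, or
archives that wrap them. Sample messages are constructed inline.
"""
import io
import re
import zipfile
from dataclasses import dataclass, field

# Lure phrases taken from the article's list; the regexes are our own.
LURE_PATTERNS = [
    re.compile(r"account .*suspended", re.I),
    re.compile(r"accept .*payment", re.I),
    re.compile(r"incoming file transfer", re.I),
    re.compile(r"gift card", re.I),
]

# Extensions that execute code on Windows (assumed list, not from the page).
EXECUTABLE_EXT = {"exe", "scr", "vbs", "js", "bat", "cmd", "dll", "sys"}
ARCHIVE_EXT = {"zip"}  # only zip is inspected here; .rar needs a 3rd-party lib


@dataclass
class Verdict:
    suspicious: bool
    reasons: list = field(default_factory=list)


def _ext(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def _has_double_extension(name):
    # e.g. "invoice.pdf.exe": a document-looking name ending in an executable
    parts = name.lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXT


def inspect_attachment(name, data):
    """Return a list of reasons why this attachment looks like a lure."""
    reasons = []
    ext = _ext(name)
    if ext in EXECUTABLE_EXT:
        reasons.append(f"executable attachment: {name}")
    if _has_double_extension(name):
        reasons.append(f"double extension: {name}")
    if ext in ARCHIVE_EXT:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if _ext(member) in EXECUTABLE_EXT or _has_double_extension(member):
                        reasons.append(f"archive {name} contains {member}")
        except zipfile.BadZipFile:
            reasons.append(f"archive {name} is not a valid zip")
    return reasons


def assess_message(subject, attachments):
    """attachments: list of (filename, raw bytes). Returns a Verdict."""
    reasons = []
    if any(p.search(subject) for p in LURE_PATTERNS):
        reasons.append(f"urgency lure in subject: {subject!r}")
    attachment_reasons = []
    for name, data in attachments:
        attachment_reasons.extend(inspect_attachment(name, data))
    reasons.extend(attachment_reasons)
    # A lure subject alone is weak evidence; the verdict hinges on a risky attachment.
    return Verdict(suspicious=bool(attachment_reasons), reasons=reasons)


def _zip_with(member_name, payload=b"MZ constructed sample"):
    """Build an in-memory zip holding one member (constructed fixture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def demo():
    """Constructed sample messages in the style the article describes."""
    lure = assess_message("Click here to accept incoming payment",
                          [("payment_details.zip", _zip_with("payment.docx.exe"))])
    benign = assess_message("Meeting notes", [("notes.docx", b"PK constructed")])
    return lure, benign


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The verdict deliberately requires a risky attachment rather than a lure subject alone, because legitimate notifications also use urgent wording; the subject match is kept as a reason so an analyst sees both signals together.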
MadLocker/DMA Ransomware – How Does It Work
Once it has been activated on your computer, the malicious threat may drop its payload in important Windows folders. The most commonly used location is:
- %Application Data%
The dropped payload may consist of one or more modules with the following file extensions:
- .tmp, .dll, .sys, .exe, .vbs
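A first triage step on a suspected machine is to list recently written files with these module extensions under the profile folder named above and hash them for comparison against vendor indicators. The script below is an added example, not the article's own tooling: it walks a directory (defaulting to the %AppData% location the page names, read from the APPDATA variable), keeps files whose extension is in the page's list, and flags those modified within a time window that is my assumption. The sample tree used by demo() is constructed in a temporary directory.

```python
"""Triage scan for recently dropped modules in a user profile folder.

Added example, not the article's own tooling. The extension list comes
from the page; the 24-hour window and the sample tree are constructed.
"""
import hashlib
import os
import tempfile
import time
from pathlib import Path

# Module extensions from the article; the time window is our assumption.
MODULE_EXTENSIONS = {".tmp", ".dll", ".sys", ".exe", ".vbs"}


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large modules do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_recent_modules(root, window_hours=24.0, now=None):
    """Return [(path, ext, age_hours, sha256)] for module-like files newer than the window."""
    now = time.time() if now is None else now
    cutoff = now - window_hours * 3600
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.suffix.lower() not in MODULE_EXTENSIONS:
                continue
            try:
                mtime = p.stat().st_mtime
            except OSError:
                continue  # file vanished or unreadable: skip rather than abort
            if mtime >= cutoff:
                findings.append((str(p), p.suffix.lower(), (now - mtime) / 3600, sha256_of(p)))
    findings.sort(key=lambda f: f[2])  # newest first
    return findings


def default_root():
    # %Application Data% on Windows is exposed as the APPDATA variable;
    # fall back to the home directory elsewhere so the script still runs.
    return os.environ.get("APPDATA") or str(Path.home())


def build_sample_tree():
    """Constructed fixture: a fresh .exe and .vbs, an old .dll, and a .txt."""
    root = tempfile.mkdtemp(prefix="madlocker_demo_")
    now = time.time()

    def write(rel, age_hours):
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample content " + rel.encode())
        ts = now - age_hours * 3600
        os.utime(p, (ts, ts))

    write("Roaming/svc/update.exe", 1)
    write("Roaming/svc/run.vbs", 2)
    write("Roaming/old/legacy.dll", 24 * 30)
    write("Roaming/notes.txt", 0.5)
    return root


def demo():
    """Scan the constructed tree with the default 24-hour window."""
    return scan_recent_modules(build_sample_tree(), window_hours=24)


if __name__ == "__main__":
    for path, ext, age, digest in demo():
        print(f"{age:6.1f}h  {ext:5}  {digest[:16]}...  {path}")
```

Run it against `default_root()` on the affected machine from Safe Mode; the hashes are what you would submit to a scanner or compare with an indicator list, and the age column separates a fresh drop from long-standing legitimate binaries.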
Each module is typically configured to perform a different activity. One of those activities is that the ransomware drops a fraudulent warning message on the victim's computer that resembles a typical police ransom message. It claims the user has committed some kind of online crime, such as downloading licensed software or worse.
Similar to other FBI ransomware, MadLocker has also been reported by ESG researchers to use a ransomlock module that restricts affected users from accessing their computers. The ransom note aims to convince the user to pay 5 Bitcoins, which at the time of writing are worth around 6500 US dollars. The instructions contain steps to help the user pay the "fine" using services like Ukash and Paysafecard.
Cyber-security researchers strongly advise users not to pay the ransom, because there have been reports that paying does not restore access to the locked PC. The locker Trojan will not deliver as promised and will keep locking the screen until it is removed by force.
Remove MadLocker/DMA Ransomware and Unlock Your PC
To remove this ransomware completely from your system, it is important to isolate it first. To do this, you should boot into Safe Mode and follow the step-by-step instructions below to remove all modules and Windows registry entries created by the MadLocker ransomware Trojan on your computer.
Restore Your Files
Since there is little information and few samples available regarding MadLocker/DMA Ransomware, it is advisable to try restoring your files using the following methods:
To try to restore your data, your first bet is to check again for shadow copies in Windows using this software:
If this method does not work, Kaspersky have provided several decryptor tools for files encrypted with the RSA encryption algorithm:
The other method of restoring your files is to try to bring them back with data recovery software. Here are some examples of data recovery programs: