
Remove MadLocker/DMA Ransomware and Restore Encrypted Files

A new ransomware has been detected that encrypts users' files and extorts money for their decryption. It is reported to display a misleading pop-up notification claiming that the computer is locked because the user has committed online crimes. Affected users are advised NOT to pay the 5 BTC (Bitcoins) ransom and to remove the threat instead. If your important data has been encrypted, it is recommended to attempt restoring your files using alternative methods.

Name: MadLocker/DMA Ransomware
Type: Ransomware
Short Description: The malware attacks users by encrypting their files and locking them out of their system.
Symptoms: The user may see a fake police-style message falsely claiming that he or she has committed a cybercrime and must pay a “fee” in BTC (Bitcoins).
Distribution Method: Via malicious files or web links attached to emails or other messages.
Detection Tool: Download Malware Removal Tool, to See If Your System Has Been Affected by MadLocker/DMA Ransomware
User Experience: Join our forum to discuss MadLocker/DMA Ransomware.


MadLocker/DMA Ransomware – How Did I Get Infected

If you have become a victim of this cyber-threat, the infection may have happened in several different ways.
The most common ransomware infection method is malicious e-mail attachments or spam links shared in such messages. The messages may look as if they were sent by a reputable organization, such as PayPal, eBay, BestBuy, Amazon, etc. The subject lines tend to suggest urgency, for example:

  • Your account was suspended due to inactivity.
  • Click here to accept incoming payment.
  • Incoming file transfer.
  • The documents for your gift card.

Such emails may carry attachments with commonly used file extensions such as .docx, .xml, .pdf and .jpg, or such files compressed in archives (.zip, .rar, etc.).

MadLocker/DMA Ransomware – How Does It Work

Once activated on your computer, the threat may drop its payload in important Windows folders. The most commonly used locations are:

  • %Application Data%
  • %User%
  • %System%
  • %Temp%
  • %Windows%

The dropped payload may consist of one or more modules with the following file extensions:

→.tmp; .dll; .sys; .exe; .vbs;
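A triage sketch for the locations and extensions listed above, added here as an example and not taken from the original article or any vendor tool. The mapping of the article's folder placeholders to environment variables and the 7-day look-back window are assumptions.

```powershell
# Added example: list recently created files that match the module
# extensions named in the article, under the drop locations it lists.
param(
    [int]$Days = 7   # assumed look-back window; set it to cover the suspected infection date
)

# Assumed mapping of the article's placeholders to real environment variables.
$roots = @(
    $env:APPDATA,                  # %Application Data%
    $env:USERPROFILE,              # %User%
    "$env:SystemRoot\System32",    # %System%
    $env:TEMP,                     # %Temp%
    $env:SystemRoot                # %Windows%
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

$extensions = '.tmp', '.dll', '.sys', '.exe', '.vbs'
$cutoff     = (Get-Date).AddDays(-$Days)

$hits = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension -and $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            # Signature status and hash help separate vendor binaries from unknown ones.
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Created = $_.CreationTime
                Path    = $_.FullName
                SizeKB  = [math]::Round($_.Length / 1KB, 1)
                Signed  = if ($sig) { $sig.Status } else { 'Unknown' }
                SHA256  = $hash.Hash
            }
        }
}

# The roots overlap (e.g. %Temp% sits under the user profile), so de-duplicate by path.
$hits | Sort-Object Path -Unique | Sort-Object Created -Descending
```

Run it from an elevated prompt so the system folders are readable. Entries that are unsigned and sit in user-writable folders deserve the first look, and a hit on its own is not proof of infection.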

Each module is typically configured to perform a different activity. One of them displays a fraudulent warning message on the victim's computer that resembles a typical police ransom message. It claims the user has committed some kind of online crime, such as downloading licensed software, or worse.

Similar to other FBI ransomware, MadLocker has also been reported by ESG researchers to use a ransomlock module to restrict affected users from accessing their computers. The ransom note aims to convince the user to pay 5 Bitcoins, which at the time of writing is around 6500 US dollars. The instructions contain steps to help the user pay the “fine” using services like Ukash and Paysafecard.

Cyber-security researchers strongly advise users not to pay the ransom, because there have been reports that paying does not restore access to the locked PC. The locker Trojan will not deliver as promised and will keep locking the screen until it is removed by force.

Remove MadLocker/DMA Ransomware and Unlock Your PC

To remove this ransomware completely from your system, it is important to isolate it first. To do this, boot into Safe Mode and follow the step-by-step instructions below to remove all modules and Windows registry entries created by the MadLocker ransomware Trojan on your computer.

1. Boot Your PC In Safe Mode to isolate and remove MadLocker/DMA Ransomware
2. Remove MadLocker/DMA Ransomware with SpyHunter Anti-Malware Tool
3. Remove MadLocker/DMA Ransomware with Malwarebytes Anti-Malware
4. Remove MadLocker/DMA Ransomware with STOPZilla AntiMalware
5. Back up your data to secure it against infections and file encryptions by MadLocker/DMA Ransomware in the future

Restore Your Files

Since few details and samples of MadLocker/DMA Ransomware are available, it is advisable to try restoring your files using the following methods.
Your first bet is to check for shadow copies in Windows using this software:

Shadow Explorer

If this method does not work, Kaspersky has provided several decryptor tools for files encrypted with the RSA encryption algorithm:
Kaspersky Decryptors

The other way to restore your files is to try recovering them with data recovery software. Here are some examples of data recovery programs:

EaseUS Data Recovery
Recuva
R-Studio
Photorec

For further information, if the encryption algorithm is RSA, you may check the following articles:
Remove RSA-2048 Key From Crypto Ransomware
Restore Files Encrypted via RSA Encryption

NOTE! Important notice about the MadLocker/DMA Ransomware threat: Manual removal of MadLocker/DMA Ransomware requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
