DMA Locker 3.0 Ransomware Released With Stronger Encryption of Files - How to, Technology and PC Security Forum | SensorsTechForum.com

DMA Locker 3.0 Ransomware Released With Stronger Encryption of Files

Since the older version of DMA Locker, detected at the beginning of February, encrypted files that could eventually be decrypted, it is no surprise that cyber-crooks have now written a newer version that uses more advanced encryption methods. The newer version also changes other aspects of how it works. Users who have seen its red screen, illustrated further in this article, should not pay the 4 BTC ransom asked to decrypt their files and should seek alternative methods for file restoration.

Threat Summary

Name: DMA Locker 3.0
Type: Ransomware
Short Description: The ransomware encrypts files with the RSA-2048 algorithm and AES-256 ciphers and asks a ransom of 4 BTC for file decryption.
Symptoms: Files are encrypted and become inaccessible. A ransom note with instructions for paying the ransom shows as a .txt file.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.

[Image: new DMA Locker message]

Since the previous version of DMA Locker had flaws in it and the files encrypted by the malware were decryptable, most likely the malware writers behind it decided to update it, fixing such flaws and using even more sophisticated encryption.

Malwarebytes researchers report that, when it starts, the ransomware checks for the following Windows processes:

  • rstrui.exe
  • ShadowExplorer.exe
  • sesvc.exe
  • cbengine.exe

If any of these processes is detected, the malware closes it, and it may delete your shadow backups, in case you have any.

DMA Locker may also create several executable files on the computer upon infection. They have different names and may be located in the following folders:

[Image: commonly used file names and folders]

There are also two text files that are located in the %ProgramData% folder, named as the following:

  • Cryptinfo.txt
  • Date_1.txt

Besides those files, DMA Locker may create the following registry value so that its malicious executable runs on every system startup:

  • In “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run”, a REG_SZ value named “{malicious exe name}”
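
The artifacts listed above (the two text files in %ProgramData% and the Run value named after the executable) can be checked with a read-only triage script. This is an added example, not code from the article or from Malwarebytes; the function name is hypothetical, and matching a Run value's name against its executable and reporting the signature status is an assumed heuristic for review, not a verdict.

```powershell
# Added example (not from the article): read-only triage for the artifacts
# the article lists. It reports findings and changes nothing on the host.
function Find-DmaLockerArtifact {   # hypothetical helper name
    param(
        [string]$DataDir = $env:ProgramData,
        [string]$RunKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )

    # 1. The two text files the article places in %ProgramData%.
    foreach ($name in 'Cryptinfo.txt', 'Date_1.txt') {
        $path = Join-Path $DataDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $file = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                Kind = 'MarkerFile'; Name = $name; Target = $path
                Note = "created $($file.CreationTimeUtc.ToString('u'))"
            }
        }
    }

    # 2. Run values named after the executable they start. Legitimate software
    #    does this too, so the signature status is included for review
    #    (assumption: an unsigned or missing target deserves a closer look).
    $key = Get-Item -LiteralPath $RunKey -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($valueName in $key.GetValueNames()) {
        $command = [string]$key.GetValue($valueName)
        # Take the command up to the first ".exe", with or without quotes.
        if ($command -notmatch '^\s*"?(?<exe>[^"]+?\.exe)') { continue }
        $exe  = [Environment]::ExpandEnvironmentVariables($Matches['exe'])
        $leaf = Split-Path -Path $exe -Leaf
        $base = [IO.Path]::GetFileNameWithoutExtension($leaf)
        if ($valueName -ne $leaf -and $valueName -ne $base) { continue }

        $status = 'FileMissing'
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $status = (Get-AuthenticodeSignature -LiteralPath $exe).Status
        }
        [pscustomobject]@{
            Kind = 'RunValue'; Name = $valueName; Target = $exe
            Note = "signature: $status"
        }
    }
}

Find-DmaLockerArtifact | Format-Table -AutoSize -Wrap
```

A MarkerFile row is the stronger signal; RunValue rows also appear for ordinary software and are meant to be reviewed together with the signature status.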

DMA Locker 3.0 – File Encryption

To encrypt the user’s files, the ransomware calls a dedicated encryption module. Malware researchers report that it uses the AES-256 encryption algorithm and, after careful analysis, believe it follows a specific strategy when encrypting a file. One element may be the larger header; also, the encryptor may encrypt only portions of the file’s content, not all of it.

However, unlike the previous version, this version of DMA Locker may use a different RSA key for every file it encrypts, similar to CryptoWall 3.0. In addition, the ransomware provides the user with a custom decryptor, so that after paying the ransom, which has now doubled (4 BTC instead of 2 for the previous version), the user can decrypt the files himself.

[Image: DMA Locker decryption key]

DMA Locker 3.0 – Distribution

DMA Locker spreads using several different techniques. For starters, this ransomware is not focused much on hiding. In fact, its malicious executable may be distributed directly via malicious URLs that download it or via email attachments. Moreover, the malware does not delete itself afterwards, which leaves it open for malware researchers, such as the specialists at Malwarebytes, to analyze it thoroughly.

Remove DMA Locker 3.0 and Restore Encrypted Files

To remove DMA Locker, we suggest using the manual or automatic removal instructions below. Unfortunately, there is no solution for directly decrypting files encrypted by the 3.0 version. However, we strongly advise you to follow our forum for updates in case a solution becomes available; in the meantime, you may try the alternative restoration methods from step “.3” below.

To remove DMA Locker 3.0 follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove DMA Locker 3.0 files and objects
2. Find files created by DMA Locker 3.0 on your PC
3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by DMA Locker 3.0

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
