Remove DMA Locker and Restore Encrypted Files - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove DMA Locker and Restore Encrypted Files

DMA Locker is malware whose main purpose is to encrypt vital files on an infected computer’s hard drive as well as on any portable drives connected to it. Encrypted files become unusable and cannot be opened. In addition, the locker leaves a ransom note with instructions on how to pay money in exchange for the restoration of the files. Users affected by the virus are strongly advised not to pay anything to the cyber criminals: doing so funds their operation, and there is no guarantee that the files will be restored. It is strongly advisable to remove the threat and look for alternative methods of file decryption, instructions for which are provided after this article.

Threat Summary

Name: DMA Locker
Type: Ransomware
Short Description: The ransomware encrypts files with the RSA algorithm and AES-128 ciphers and asks a ransom for decryption.
Symptoms: Files are encrypted and become inaccessible. A ransom note with instructions for paying the ransom shows as a .txt file.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.
Detection Tool: See If Your System Has Been Affected by DMA Locker


User Experience: Join our forum to discuss DMA Locker.

DMA Locker – How Did I Get Infected

One way to become a victim of this nasty cyber-threat is via third-party applications that display malicious web links on your computer. The ransomware may also spread through malicious links featured in various spam messages, and it may be distributed via several different types of spam e-mail. Such messages may imitate reputable services, inviting users to either click on a malicious web link or open a malicious e-mail attachment.

Symantec Security Response has confirmed that once it has been activated on a computer, the ransomware may create one or more of the following files:

%AllUsersProfile%\date_1.txt
Ntserver.exe

The threat may then create the following folder:

%AllUsersProfile%\faktura

What is more, the Trojan creates a registry Run value so that it is started every time Windows boots:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"cssys" = "%AllUsersProfile%\ntserver.exe"

After this, the ransomware begins to encrypt user files with the most commonly used file extensions, except for those listed below:

.bat .cmd .com .cpl .dll .exe .hta .lnk .msc .msi .msp .pif .scr .sys
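The indicators above (the files under %AllUsersProfile%, the faktura folder, the "cssys" Run value and the list of skipped extensions) can be turned into a small triage check. The following is an added example written for this article, not code from SensorsTechForum or Symantec; it matches a host snapshot (a list of existing paths plus the HKCU Run values as a name-to-command dictionary) against those indicators and tells you whether a given file would have been in scope for encryption. The function names and the sample snapshot are constructed; on a live Windows host the same functions can be fed with the real file listing and the Run key's values.

```python
"""Triage helper for the DMA Locker indicators listed above (added example,
not code from the article or from Symantec). Indicator values come from the
article; function names and the sample snapshot are constructed here."""
import ntpath

# Extensions the article says the locker leaves alone.
SKIPPED_EXTENSIONS = {
    ".bat", ".cmd", ".com", ".cpl", ".dll", ".exe", ".hta", ".lnk",
    ".msc", ".msi", ".msp", ".pif", ".scr", ".sys",
}
# Files/folder dropped under %AllUsersProfile% and the Run value name/target.
FILE_INDICATORS = ("date_1.txt", "ntserver.exe", "faktura")
RUN_VALUE_NAME, RUN_TARGET = "cssys", "ntserver.exe"

def is_targeted(filename: str) -> bool:
    """True if DMA Locker would encrypt a file with this name."""
    return ntpath.splitext(filename)[1].lower() not in SKIPPED_EXTENSIONS

def find_indicators(all_users_profile, existing_paths, run_values):
    """Match a host snapshot (absolute paths present + HKCU Run values as a
    name -> command dict) against the indicators; returns a list of findings."""
    findings = []
    present = {p.lower() for p in existing_paths}
    for name in FILE_INDICATORS:
        path = ntpath.join(all_users_profile, name)
        if path.lower() in present:
            findings.append(f"artifact present: {path}")
    for name, command in run_values.items():
        if name.lower() == RUN_VALUE_NAME or RUN_TARGET in command.lower():
            findings.append(f"persistence: Run value {name!r} = {command}")
    return findings

# Constructed sample snapshot standing in for a live host: the dropper's
# exe is gone, but the marker file, folder and Run value remain.
SAMPLE_PROFILE = r"C:\ProgramData"
SAMPLE_PATHS = [
    r"C:\ProgramData\date_1.txt",
    r"C:\ProgramData\faktura",
    r"C:\Users\alice\Documents\invoice.docx",
]
SAMPLE_RUN_VALUES = {
    "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    "cssys": r"C:\ProgramData\ntserver.exe",
}

if __name__ == "__main__":
    for line in find_indicators(SAMPLE_PROFILE, SAMPLE_PATHS, SAMPLE_RUN_VALUES):
        print("[!]", line)
```

Any non-empty result warrants a closer look at the Run key and %AllUsersProfile% before the machine is reconnected to the network.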

Once the user’s files have been encrypted, the ransomware may drop a ransom note stating the following:

“All your important files (Hard Disks, Network Disks, USB) are encrypted.
The files are encrypted with asymmetric algorithm using AES-256 and RSA-2048 ciphers
Your files are not possible to recovery without decryption key which is located only in OUR database
Only way to recovery your files is to pay us 1500 USD in Bitcoin currency (3.5 BTC) instead of decryption key which allow you to recovery ALL your encrypted files.”

In addition, it leaves a file called DMA-Locker with instructions on how to pay the ransom. The instructions also include a deadline for payment, after which the decryption keys may be destroyed:

[Image: the DMA-Locker ransom file] Source: Symantec


To remove this ransomware from your device, it is advisable to isolate the machine first by disconnecting it from the internet and backing up your data. After this, follow the step-by-step instructions provided below. It is also recommended to use advanced anti-malware software to find all registry entries modified on your computer and any other objects that may be associated with this malware.

UPDATE (February 3): Learn how to restore files encrypted by DMA Locker

Manually delete DMA Locker from your computer

Note! Important notice about the DMA Locker threat: manual removal of DMA Locker requires interfering with system files and the registry, so it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry: you can do the removal yourself in just 5 minutes using a malware removal tool.

1. Boot your PC in Safe Mode to isolate and remove DMA Locker files and objects
2. Find malicious files created by DMA Locker on your PC
3. Fix registry entries created by DMA Locker on your PC

Automatically remove DMA Locker by downloading an advanced anti-malware program

1. Remove DMA Locker with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by DMA Locker in the future
3. Restore files encrypted by DMA Locker
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
