Remove DMA Locker and Restore Encrypted Files - How to, Technology and PC Security Forum

Remove DMA Locker and Restore Encrypted Files


DMA Locker is malware whose main purpose is to encrypt vital files on an infected computer’s hard drive as well as on portable drives connected to it. The files that have been encrypted become corrupt and cannot be opened. In addition, the locker leaves a ransom note with instructions on how to pay money in exchange for the restoration of the files. Users who have been affected by the virus are strongly advised not to pay anything to the cyber criminals, since doing so may fund their operation and is no guarantee that their files will be restored. It is strongly advisable to remove the threat and look for alternative methods of file decryption, instructions for which we have provided after this article.

Threat Summary

Name: DMA Locker
Short Description: The ransomware encrypts files with the RSA algorithm and AES-128 ciphers and asks a ransom for decryption.
Symptoms: Files are encrypted and become inaccessible. A ransom note with instructions for paying the ransom shows as a .txt file.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.

DMA Locker – How Did I Get Infected

One way to become a victim of this nasty cyber-threat is via third-party applications that may advertise malicious web links on your computer. The ransomware may also spread using other methods, such as malicious links featured in various spam messages. Furthermore, the ransomware may be distributed via several different types of spam email messages. Spam messages may resemble different reputable services, inviting users to either click on a malicious web link or open a malicious e-mail attachment.

Symantec Security Response has confirmed that once it has been activated on a certain computer, the ransomware may create one or more files in:


The threat then may create the following folder:


What is more, the Trojan creates a registry entry with a value that allows it to run every time Windows starts:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"cssys" = "%AllUsersProfile%\ntserver.exe"
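
The Run-key value described above can be looked for without changing anything on the host. The following read-only PowerShell script is an added example, not part of the original article or of any vendor tool; it uses only the value name and path quoted above, while the function name `Test-RunEntry` and the decision to walk every loaded user hive under HKEY_USERS are assumptions made for illustration.

```powershell
# Added example: read-only triage for the Run-key persistence described above.
# The value name and path come from the article; all other names are illustrative.
$IndicatorName = 'cssys'
$IndicatorPath = '%AllUsersProfile%\ntserver.exe'
$RunSubKey     = 'Software\Microsoft\Windows\CurrentVersion\Run'

function Test-RunEntry {
    param([string]$Name, [string]$Data)
    # Expand both sides so "%AllUsersProfile%" and its expanded form compare equal.
    $expected = [Environment]::ExpandEnvironmentVariables($IndicatorPath)
    $actual   = [Environment]::ExpandEnvironmentVariables($Data).Trim('"')
    $nameHit  = $Name -ieq $IndicatorName
    # StartsWith tolerates command-line arguments appended after the path.
    $pathHit  = $actual.StartsWith($expected, [StringComparison]::OrdinalIgnoreCase)
    if ($nameHit -or $pathHit) {
        [pscustomobject]@{
            ValueName  = $Name
            Data       = $Data
            NameMatch  = $nameHit
            PathMatch  = $pathHit
            FileExists = ($actual -ne '') -and (Test-Path -LiteralPath $actual -PathType Leaf)
        }
    }
}

# HKCU only covers the current account, so walk every loaded user hive instead.
$hits = foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $key = Get-Item -LiteralPath "Registry::$($hive.Name)\$RunSubKey" -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($valueName in $key.GetValueNames()) {
        # Read the raw string so REG_EXPAND_SZ data is reported as stored.
        $data = [string]$key.GetValue($valueName, '', 'DoNotExpandEnvironmentNames')
        Test-RunEntry -Name $valueName -Data $data |
            Add-Member -NotePropertyName Hive -NotePropertyValue $hive.Name -PassThru
    }
}

if ($hits) { $hits | Format-List } else { 'No matching Run entry found in loaded user hives.' }
```

A hit on the value name alone with `FileExists` false usually means the executable was removed but the autorun entry was left behind; hives of accounts that are not logged on are not loaded and are not covered by this check.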

After this, the ransomware begins to encrypt user files with the most commonly used file extensions, except for the ones below:

.bat .cmd .com .cpl .dll .exe .hta .lnk .msc .msi .msp .pif .scr .sys

Further, once the user's files have been successfully encrypted, the ransomware may drop a ransom note stating the following:

“All your important files (Hard Disks, Network Disks, USB) are encrypted.
The files are encrypted with asymmetric algorithm using AES-256 and RSA-2048 ciphers
Your files are not possible to recovery without decryption key which is located only in OUR database
Only way to recovery your files is to pay us 1500 USD in Bitcoin currency (3.5 BTC) instead of decryption key which allow you to recovery ALL your encrypted files.”

In addition to that, it leaves a file called DMA-Locker, which has instructions on how to pay the ransom money. They also include a deadline for payment, after which the decryption keys may be destroyed:

[Image: DMA-Locker file] Source: Symantec

Remove Locky Ransomware and Restore .locky Encrypted Files

In order to remove this ransomware from your device, it is advisable to isolate it first by disconnecting from the internet and backing up your data. After this, you should follow the step-by-step instructions provided below. Furthermore, it is also recommended to use advanced anti-malware software in order to discover all modified registry entries on your computer and other objects that may be associated with this malware.

UPDATE (February 3): Learn how to restore files encrypted by DMA Locker


To remove DMA Locker follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove DMA Locker files and objects
2. Find files created by DMA Locker on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by DMA Locker

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
