Danger level 9
Type: Trojans
Common infection symptoms:
  • Installs itself without permissions
  • Connects to the internet without permission
  • System crashes
  • Slow Computer

MadLocker/DMA Ransomware

MadLocker/DMA Ransomware is a malicious infection that was designed to hijack personal files and demand a ransom. This threat encrypts files using a file encryption system that lets cyber criminals act without the user’s notice, so it is no surprise that most users discover the infection only after their personal files have been encrypted. You might recognize this threat by a different name, DMA Locker, but that does not change anything about it. Our research has shown that this threat, regardless of which name you recognize it by, is most likely to spread using corrupted emails and malicious installers. If you open emails sent by unfamiliar parties, download suspicious attachments, or click on links inserted in them, various kinds of malware could enter your PC, not just ransomware Trojans. In the same way, if you execute random installers, you might have to worry about the removal of malicious threats as well. Of course, if you are trying to delete MadLocker/DMA Ransomware, this infection must have slithered in already.

Once executed, MadLocker/DMA Ransomware is likely to communicate with remote servers where public and private keys are created. The public key is then sent to the infected computer to initiate file encryption, but the private key is kept secret, and this is the leverage that cyber criminals have when demanding a ransom. If you do not acquire the private key, the personal files encrypted by the infection will remain locked. As you can see from the excerpt below, the creators of this ransomware are not secretive about their intentions or the nature of the infection. Users who want to decrypt their personal files cannot simply remove MadLocker/DMA Ransomware, so its creators have no need for the misleading information or scare tactics that are linked to many clandestine threats. Instead, this ransomware shows a pop-up window with the instructions that a user supposedly needs to follow. This window explains what the infection is, how to pay the ransom, how to get the decryption key, and how to use it for file decryption. Of course, closing this window does not delete the threat.

All of your files are encrypted by DMA-Locker!
Your important files including those on the network disks, USB, etc.): photos, videos, documents etc. were encrypted with our DMA-Locker virus. The only way to get your files back is to pay us for unique decryption key. Otherwise, your files will be lost.

Your photos, videos, and documents are the most valuable and sensitive files because they cannot be replaced unless you have them backed up. The “All your files are encrypted by DMA-Locker” notification that this ransomware shows explains that you need to pay a ransom in Bitcoins (from 1 to 15 BTC, or maybe even more, depending on where you live). A few servers are listed through which you are asked to make the payment. According to the information provided, once the payment is made, you need to contact the cyber criminals with a specific code to receive the decryption key. Once the code is applied, you are promised that your personal files will be decrypted within hours. Of course, we cannot guarantee that everything will go according to plan. In fact, it is possible that you will lose your money for nothing, which will leave you with no other option but to remove the encrypted files. Of course, you can delete MadLocker/DMA Ransomware, and we have added steps that will help you remove this infection manually, but that will not help you decrypt files. This is why ransomware is often considered the most dangerous and malicious kind of malware.

The suspicious DMA-Locker provides a link to a web page that supposedly explains what kind of malware it is, and the information on this page suggests that it is best to pay the ransom without any delay. If you choose this option, do not forget to remove the infection afterward and take care of your virtual security so that malware does not create more problems. We suggest using automated malware detection/removal software because other infections could have entered your operating system along with this ransomware. Furthermore, it is obvious that your operating system needs better protection, and it is essential that you employ trustworthy antimalware software. If you want to remove MadLocker/DMA Ransomware manually, these are the steps that you can follow. First, delete the file that is used to run this ransomware, and then delete the registry entry created to auto-start it with Windows.

MadLocker/DMA Ransomware Removal

  1. Tap Win+E to launch Windows Explorer.
  2. Enter C:\ProgramData into the address bar.
  3. Right-click and Delete the file associated with the ransomware (a random executable, such as fakturax.exe).
  4. Tap Win+R to launch RUN.
  5. Type regedit into the dialog box and tap Enter on your keyboard.
  6. In the pane on the left, move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  7. Right-click and Delete the cssys registry value (Value data: C:\ProgramData\ntserver.exe).
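
The manual steps above, as a read-only PowerShell check (an added example, not part of the original guide): it lists values under the HKCU Run key that launch an .exe directly from C:\ProgramData, plus any other .exe in that folder, with SHA-256 and signature status for each. The function name Get-ProgramDataAutorun and its helper are hypothetical; the registry key and folder are the ones named in the steps.

```powershell
# Added example: read-only audit of the two places named in the removal steps.
# It deletes nothing; review the output before removing anything by hand.
function Get-ProgramDataAutorun {
    param(
        [string]$RunKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        [string]$DropDir = $env:ProgramData          # normally C:\ProgramData
    )

    # Describe one file: existence, SHA-256 and Authenticode status.
    function Get-FileFacts([string]$Source, [string]$Name, [string]$Path) {
        $exists = Test-Path -LiteralPath $Path -PathType Leaf
        [pscustomobject]@{
            Source    = $Source
            Name      = $Name
            Path      = $Path
            Exists    = $exists
            SHA256    = if ($exists) { (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash }
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $Path).Status }
        }
    }

    # Matches a Run command whose target is an .exe directly in $DropDir,
    # e.g. C:\ProgramData\ntserver.exe (optionally quoted, any arguments).
    $pattern = '^\s*"?' + [regex]::Escape($DropDir.TrimEnd('\')) +
               '\\([^\\"]+?\.exe)(?=["\s]|$)'

    $referenced = @()
    $key = Get-Item -LiteralPath $RunKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            if ($data -match $pattern) {
                $path = Join-Path $DropDir $Matches[1]
                $referenced += $path
                Get-FileFacts 'RunValue' $valueName $path
            }
        }
    }

    # Executables in the ProgramData root that no Run value points to.
    Get-ChildItem -LiteralPath $DropDir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $referenced -notcontains $_.FullName } |
        ForEach-Object { Get-FileFacts 'RootFile' $_.Name $_.FullName }
}

Get-ProgramDataAutorun | Format-Table -AutoSize -Wrap
```

A RunValue row whose Exists column is False means the auto-start entry remains after the file was deleted, so step 7 still needs to be done.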