DMA Locker Ransomware

There is a reason computer security experts are really eager to convey how important it is avoid opening email messages from unknown senders. DMA Locker Ransomware is a malicious computer infection that makes use of spam email to reach target computers. It goes without saying that getting infected with ransomware is extremely annoying and frustrating.

In this article, we will tell you how this infection works, and we will also give you instructions on the DMA Locker Ransomware removal. You have to do everything you can to get rid of this infection because the longer it remains in your system; the more it will terrorize you.

We believe that ransomware applications are adept at forcing users into giving away their money because the criminals behind these acts have a lot of practice. As we can see from the program’s interface, it is already a fourth version of the same application: DMA Locker 4.0. So we can easily assume that the people who create such applications definitely know what they are doing.

For example, if we take a closer look at the notification, we would see that it does a good job at catching your attention just by being red. Then, DMA Locker Ransomware also says that all your personal files are locked, and you must now pay a particular amount of bitcoins to retrieve your data. Here is an extract from the notification:

• All your important files (including => hard disks, network disks, flash, UBS) are encrypted.

• All the files are locked with asymmetric algorithm using AES-256 and then RSA-2048 cipher.

• You can’t restore your files because all your backups have been deleted.

• Only way to recover your files is to pay us 1 BTC.

• As a proof you can decrypt 1 file FOR FREE by clicking here: CLICK

As you can see, this application has come ready to be refuted. There are quite a few programs that do not offer you to decrypt one file as a test, but this one does. And if the decryption is successful, you would be all the more so inclined to pay money and get your files back. However, the price is relatively high. According to the latest exchange rate, one bitcoin amounts for approximately 443 USD. And to get bitcoins, you would have to follow the links given to you in the ransomware’s notification.

If you fail to pay the ransom within the given timeframe, DMA Locker Ransomware promises to increase the payout amount by 0.5 BTC. After the increase, if you hesitate to pay for another four days, the criminals say they will destroy the decryption key, and then your files will be lost for good.

However, here we would like to point out one thing that is common for almost all ransomware applications. Shaky C&C connection. C&C stands for the control and command center, or the server that issues orders and tells the ransomware what to do. This is how the program can communicate with its creators, decrypt your files, issue decryption keys, and so on. Yet, more often than not these connections are not secure, and sometimes users cannot get the decryption key because the connection is not stable enough. As a result, it is quite often that users pay the ransom money, but their files remain encrypted.

We would suggest restoring your files from your backup drives. The notification says that your flash disks and USB drives are encrypted, and your backup copies are deleted, but DMA Locker Ransomware cannot encrypt your external hard drives as long as they are not plugged in. Also, the backup copies mentioned most probably mean the Shadow Volume Copies that most of the regular computer users are not even aware of.

You need to remove DMA Locker Ransomware from your PC, and then plug in all the devices where you have saved some of your most important files. Perhaps you have your latest files on a cloud drive or a virtual folder? Check out all the possibilities because paying is not an option.

To get rid of DMA Locker Ransomware, please follow the instructions below. It is not complicated to delete this ransomware application, although we would also strongly recommend investing in a legitimate antispyware tool.

Our security research team says that this infection automatically kills itself the moment a security program is launched, but that is no reason to refrain from running regular PC scans. You need a sentinel application that would keep watch of your system, fending away all the potential threats before they even manage to enter your PC.

How to Remove DMA Locker Ransomware

1. Press Win+R and the Run prompt will open.
2. Type %ALLUSERPROFILE% into the Open box and click OK.
3. Locate and delete svchosd.exe, select.bat, and cryptoinfo.txt.
4. Press Win+R again and type regedit. Click OK.
5. Go to HKEY_CURRENT_USER\Software.
6. Locate the dma_id and dma_public_key values on the right pane.
7. Right-click them and select Delete.
8. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
9. Right-click the Windows update value on the right pane with “select.bat” for Data.
10. Delete it and exit the Registry Editor.