1 of 3
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Dilmalocker Ransomware

Dilmalocker Ransomware is a dangerous threat that can encrypt all your images, documents, databases, and other files if it manages to infiltrate your system. This malicious program got its name after Dilma Rousseff, the 36th president of Brazil. Since the ransom note is also in Portuguese, we assume that these attackers mainly target Brazil and other Portuguese-speaking countries. This infection can bring severe damage to your files; therefore, it is important for you to know how it may have sneaked onto your system. In order to protect your system from similar threats and damage, it is essential that you keep a backup of your files on a portable drive or in cloud storage. This could be the only way for you now to recover your personal files because even if you are offered the decryption key for a certain amount of money, there is little chance for you to actually get it from these cyber villains. This is why we recommend that you remove Dilmalocker Ransomware from your system as soon as possible. Please read our full article to understand more about this dangerous ransomware program and how you may be able to defend your PC against future attacks.

Basically, there are two ways this vicious program can show up on your computer without your knowledge. First of all, it is most likely that you let it on board by opening a spam e-mail. This spam contains an attachments, which is indeed the malicious executable. When you download this file and open it to view it, the malicious operation starts up right away. This obviously means that it is impossible for you to delete Dilmalocker Ransomware before it would finish encrypting your files. Therefore, you would be destined to lose your files the moment you choose to see this attachment. Of course, these criminals are quite tricky and can convince even more experienced computer users as well. Such a spam may appear to be totally authentic, for instance. You may believe that it is important for you to open it even if you find it in your spam folder. As you may have noticed, a lot of times legitimate mails end up in that folder, which need your revision. So when you see a mail there that claims to be regarding an unsettled invoice, an unpaid fine, wrong credit card details given, and so on, it is quite likely that you would want to see it. This is why you need to become more cautious around your mails.

Another possibility is that your computer is attacked via weak RDP (Remote Desktop Protocol) configurations. For example, it is possible that your remote desktop software is not protected by a strong password. These crooks may also use brute-force attack to figure out your password and thus gain access to your system. Once they manage to break in, they can easily install and activate this dangerous ransomware program. This attack is certainly more covert and is impossible to stop in time. We advise you to always use strong passwords to protect your PC and configure such software carefully. It is also advisable to defend your computer against such attacks by installing a professional anti-malware program.

This ransomware program is supposed to use the usual AES-256 algorithm to encrypt the targeted files on your system, including your images, documents, databases, archives, and more. The affected files get a ".__dilmaV1" extension. This infection drops a ransom note files called "RECUPERE_SEUS_ARQUIVOS.html" and "background.bmp" on your desktop. Apart from these files, it also creates "dilminha.dat" on your desktop, which is used as a personal identifier and a file called "DILMA_LOCKER_v1.hta" in your "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup" folder. When the encryption is done, this threat replaces your desktop background with its ransom note image so that you cannot miss it. This image contains a picture of the "name-giver," Dilma Rousseff and a basic ransom note. It informs you that you have 4 days to pay, or else your decryption key will be deleted, and that you have to contact these cyber villains by sending a mail to "dilmaonion@keemail.me" after reading the .html file dropped on your desktop.

This .html file contains further instructions regarding the payment. You have to transfer 3000 Brazilian Reals, which is around 947 US dollars, if you want to receive the decryption key. Obviously, there is no other way for you to be able to decode your files since this is a unique key. You are also offered to send one file to decrypt for free but it cannot be more than 3Mb. Of course, we do not advise you to contact these criminals or to send them anything, let alone money. There is no guarantee whatsoever when it comes to cyber criminals and delivering decryption keys. It is most likely that they will disappear the moment your transfer the fee. We advise you to remove Dilmalocker Ransomware right away.

If you want to eliminate this dangerous threat manually, please use our instructions below to be able to delete all related files and not to leave any leftovers. As you can see, it is not that difficult to let even such a severely damaging malware infection onto your system if you are not careful enough. If you want to protect your PC from future attacks, it would be advisable to install a reliable malware removal application like SpyHunter. Of course, this will not make it less important for you to keep all your programs and drivers updated because this is how you can also stop cyber criminals from exploiting known security bugs.

How to remove Dilmalocker Ransomware from Windows

  1. Move to your desktop and delete these files: background.bmp, RECUPERE_SEUS_ARQUIVOS.html, and dilminha.dat
  2. Replace your desktop wallpaper.
  3. Press Win+E.
  4. Locate and delete all recently downloaded suspicious files.
  5. Search all the possible startup locations for "DILMA_LOCKER_v1.hta" and delete it:
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Start Menu\Programs\Startup
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
  6. Empty your Recycle Bin and reboot your PC.
Download Spyware Removal Tool to Remove* Dilmalocker Ransomware
  • Quick & tested solution for Dilmalocker Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.