DMA Locker 4.0 Ransomware Removal Guide

DMA Locker 4.0 ransomware is the latest incarnation of a widely spread win-locker. This particular version is identified by its hex prefix, !DMALOCK4.0. So far, four different variants of the same core program have been developed. DMA Locker 4.0 ransomware encrypts documents, audio, videos, images, archives, databases and other files. The following file types, among others, are targeted: .pdf, .html, .txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .sql, .dll, .ini, .mp3, .wav, .wma, .mid, .raw, .lnk, .vb, .reg, .mdb, .db, .m3u, .m4a, .csv, .wps, .dng, .arw, .bkp, .exif, .sys, .raw, .wsc, .qic, .crw, .mp4, .avi, .wmv, .flv, .mov, .mkv, .mpg, .mpeg, .ogg, .sln, .ai, .pak, .jpg, .jpeg, .png, .gif, .tif, .tiff, .bmp, .psd, .ps1, .srf, .js, .eps, .bin, .zip, .rar, .iff. The clandestine program displays a window on every system start-up to urge you to pay a ransom. The window states that the only way to have your files decrypted is with a unique key. Instructions on how to pay the sum are listed in a document titled cryptinfo.txt, which is set to open on system boot. Paying the hackers is not advised, because you cannot be sure about the outcome. Access to your files may not be restored. Another possible scenario is for the virus to be reactivated.

DMA Locker 4.0 ransomware is distributed in a few ways. The insidious program is often delivered through an exploit kit by the name of Neutrino. The initial source for the virus can be a spam e-mail. The win-locker can be hidden behind an attachment to the message, such as a text document, an image, an archive, a spreadsheet or something else. The senders of the bogus message try to make you believe it is genuine by impersonating a reliable organization, such as the national post, a courier firm, a bank, a legal institution or the local police department. To check the reliability of a given e-mail, look up the contact details it lists. They should match the official contact details of the company or entity in question. Corrupted websites and compromised web links are often used to distribute DMA Locker 4.0 ransomware. This technique is called a drive-by installation. Opening an infected source is enough to enable the win-locker to get installed. You need to be very careful about the websites you visit and the links you follow. If you have any doubts about the status of a given domain, do some research of your own. It is best to only rely on links which come from reliable websites or people you know personally.


DMA Locker 4.0 ransomware uses a combination of AES-256 and RSA-2048 ciphers. This makes the encrypted files resistant to decryption attempts. Thus far, it has not been cracked. The hackers behind DMA Locker 4.0 ransomware ask victims to pay 1 bitcoin to receive the decryption key. This amounts to approximately $584.09 USD at the current exchange rate. Users are given a limited amount of time to pay this sum. If you miss the deadline, the ransom will be increased to 1.5 bitcoins. The scheduled hour for the increase is listed in the window. The cyber criminals have provided an e-mail address as a means of contact. To assure users they possess the required key to restore their files, the developers of DMA Locker 4.0 ransomware offer to decrypt one file for free. It is said that confirming the payment can take up to several hours. After the confirmation has been received, the “decrypt files” button should be enabled. Although the whole process seems organized, there is no way to be certain that it will go as described. You could be swindled without getting your data back. Even if your files do get restored, the virus could remain on your system. The best course of action is to remove DMA Locker 4.0 ransomware yourself.

DMA Locker 4.0 ransomware can be uninstalled automatically with a professional antivirus program. Conducting a complete system scan will ensure the removal of all harmful files and processes. There is currently no separate decrypter for this version of the win-locker. Decrypters for two of the three other versions exist. DMA Locker 4.0 ransomware uses a process called svchosd.exe to delete the shadow volume copies created when doing a backup. This makes it impossible to recover lost data at this point.
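
To gauge the damage before cleaning up, the indicators named above (the !DMALOCK4.0 prefix, cryptinfo.txt and svchosd.exe) can be used to inventory affected files. The script below is an added example, not a tool from this guide or its author; it assumes the prefix is stored as ASCII bytes at the very start of each encrypted file, and it runs over constructed, harmless sample files.

```python
import os
import tempfile

# Indicators named in the article. Assumption of this example: the marker is
# stored as ASCII bytes at offset 0 of every encrypted file.
MARKER = b"!DMALOCK4.0"
NAMES = {"cryptinfo.txt": "ransom_note", "svchosd.exe": "shadow_copy_tool"}

def classify(path):
    """Return 'ransom_note', 'shadow_copy_tool', 'encrypted' or None."""
    kind = NAMES.get(os.path.basename(path).lower())
    if kind:
        return kind
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(MARKER))
    except OSError:
        return None  # locked or unreadable file: skip it, keep scanning
    return "encrypted" if head == MARKER else None

def scan(root):
    """Walk root and group matching paths (relative to root) by indicator."""
    hits = {"ransom_note": [], "shadow_copy_tool": [], "encrypted": []}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            kind = classify(full)
            if kind:
                hits[kind].append(os.path.relpath(full, root))
    return {k: sorted(v) for k, v in hits.items()}

def demo():
    """Run the scan over constructed, harmless sample files."""
    samples = {
        ("docs", "report.docx"): MARKER + b"\x00" * 32,  # imitates an encrypted file
        ("docs", "notes.txt"): b"plain text, untouched",
        ("cryptinfo.txt",): b"constructed ransom note",
        ("temp", "svchosd.exe"): b"constructed placeholder, not a binary",
    }
    with tempfile.TemporaryDirectory() as root:
        for parts, data in samples.items():
            path = os.path.join(root, *parts)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

On a real machine, call `scan()` on a user profile or data drive and keep the resulting list, since it shows which files would need restoring from an offline backup.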

DMA Locker 4.0 Ransomware Removal Instructions

Windows 8

1. Navigate to the Start menu by pressing the Windows key.
2. Open the web browser.
3. Type: http://www.xp-vista.com/download-instructions in the search bar of your web browser.
4. Download SpyHunter and install it on your PC.
5. Scan the system with the antimalware tool and erase any infected files and viruses.

Windows Vista and Windows 7

1. Reboot your PC and press the F8 key.
2. Go to Windows Advanced Options, select Safe Mode with Networking and press Enter.
3. Type: http://www.xp-vista.com/download-instructions in the search bar of your web browser.
4. Download SpyHunter and install it on your PC.
5. Scan the system with the antimalware application and erase any infected files and viruses.

Windows XP

1. Reboot your PC and press the F8 key.
2. Go to Windows Advanced Options, select Safe Mode with Networking and press Enter.
3. Type: http://www.xp-vista.com/download-instructions in the search bar of your web browser.
4. Download SpyHunter and install it on the computer.
5. Scan your system with the antimalware tool and delete any infected files and viruses.
6. Go to the Start Menu and then click Run.
7. Type “msconfig” in the search bar and click OK.
8. In the System Configuration Utility go to the “Startup” tab and select the option “Disable All”.
9. Press OK and reboot your PC.
