Recent Articles
How To Recover Overwritten Files
The Snowflake Data Breach: A Comprehensive Overview
Mac Not Recognizing External Hard Drive: Quick Fix Solutions
How Multi-Cloud Backup Solutions Can Prevent Data Disasters
Capibara Ransomware: What is it & How to Remove
What Should a Company Do After a Data Breach: The Ticketmaster Incident
Secles Ransomware: Removal Guide
What To Do When Your Chromebook Freezes
How to Create Hyper-V Backup
What Is The Best Data Recovery Software For PC
Bogdan Glushko
CEO at SalvageData Recovery, Bogdan Glushko has over 18 years of experience in high-security data recovery. Over the years, he's been able to help restore data after logical errors, physical failures, or even ransomware attacks, for individuals, businesses, and government agencies alike.
I think there's an issue with my storage device, but I'm not sure Start a free evaluation →
I need help getting my data back right now Call now (800) 972-3282
DMA Locker Ransomware, DMA Locker 3.0 Ransomware, DMA Locker 4.0 Ransomware, and DMALocker Imposter Ransomware are all variants of the same ransomware family. DMA Locker ransomware is a cryptovirus that uses strong encryption algorithms to encrypt the victim’s files and then demands a ransom for the decryption key.
History
DMA Locker ransomware was first discovered in June 2016 by malware researcher Michael Gillespie. At the time, DMA Locker only affected computers running the Windows operating system and used the AES-256 encryption algorithm to encrypt victims’ files. DMA Locker ransomware gets its name from the DMA Locker website, which is where victims were instructed to go to pay the ransom and download the decryption tool. The original DMA Locker ransomware demanded a ransom of 1 Bitcoin, which was worth approximately $700 at the time.
In October 2016, DMA Locker 3.0 was released. This updated version featured new encryption methods and increased ransom amounts.
DMA Locker 3.0 also added support for more than 60 different file types, which meant that it could now encrypt a wider range of files.
The DMA Locker 3.0 ransomware demanded a ransom of 2 Bitcoins, which was worth approximately $1,400 at the time.
In January 2017, DMA Locker 4.0 was released.
This updated version not only used new encryption methods but also installed a backdoor on the victim’s computer to allow the attacker remote access.
The DMA Locker 4.0 ransomware demanded a ransom of 4 Bitcoins, which was worth approximately $2,800 at the time.
In February 2017, malware researcher Zscaler discovered the DMALocker Imposter. This fake version of DMA Locker ransomware does not encrypt files but instead displays a fake ransom demand in an attempt to trick victims into paying. The DMALocker Imposter does not use any encryption methods and therefore cannot encrypt files.
How does DMA Locker infect victims?
Attackers typically spread DMA Locker ransomware through email phishing campaigns. These campaigns usually involve emails that appear to be from a legitimate company or organization. The email will often contain an attachment or link that, when opened or clicked, will download and install the DMA Locker ransomware on the victim’s computer. They can also spread DMA Locker ransomware through malicious websites and fake online advertisements.
Once DMA Locker is installed on a victim’s computer, it will scan the hard drive for files to encrypt.
What file types does DMA Locker ransomware encrypt?
DMA Locker ransomware can encrypt more than 60 different file types, including pictures, documents, and databases.
What encryption methods does DMA Locker ransomware use?
DMA Locker ransomware uses a combination of the AES-256 and RSA encryption algorithms to encrypt victims’ files. These are both strong encryption algorithms that make it very difficult to decrypt files without the encryption key.
What were the biggest DMA Locker ransomware attacks?
Some of the biggest DMA Locker ransomware attacks include:
– The DMA Locker 3.0 attack on the San Francisco Municipal Transportation Agency in November 2016. This attack resulted in the SFMTA having to pay a ransom of $73,000 in Bitcoins.
– The DMA Locker 4.0 attack on the South Korean web hosting company NAYANA in June 2017. This attack resulted in NAYANA paying a ransom of 550 Bitcoins, which was worth approximately $1.6 million at the time.
Protection
The best way to protect yourself from DMA Locker ransomware is to have a good backup strategy in place. This will ensure that you have a copy of your files that can be used to restore your computer if you do become infected. You should also have a reputable antivirus program installed on your computer and keep it up-to-date.
What should you do?
If you do become infected with DMA Locker ransomware, do not pay the ransom. There is no guarantee that you will get your files back even if you do pay. Instead, you should focus on restoring your computer from a backup. If you don’t have a backup, then you can try using file recovery software to see if you can recover some of your files.
We built SalvageData data recovery software to help you.
Is there a public DMA Locker decryption tool?
Yes, there are a DMALocker decryptor and DMALocker2 decryptor that can be downloaded from Emsisoft.
This website is a joint initiative between law enforcement agencies and cybersecurity companies to help victims of ransomware.
Contact a data recovery service
If you cannot decrypt your files using the DMA Locker decryptor or file recovery software, then you can contact a professional data recovery service. These services specialize in recovering data from infected computers and may be able to help you get your files back.
If you are looking for a data recovery service to help you recover your DMA Locker encrypted files, then SalvageData Recovery Services can help. We are a professional data recovery company with over 15 years of experience in the industry. We have recovered data from all types of devices and computers, including those infected with DMA Locker ransomware.
Our team of certified data recovery engineers is available 24/7 to help you recover your data. Contact us today to get started.
