DMA Locker, Yet Another Ransomware: Managed Services in Florida


The Dell SonicWALL Threats Research team has observed yet another ransomware in the wild, called DMA Locker. Ransomware remains a very lucrative business for its operators. Assuming no backup is available, the only way of recovering files is to pay the ransom. Don’t become the next Ransomware casualty; contact us at Symmetric IT Group to learn more about our IT Support and Managed Services in Florida.

With this ransomware we can measure some level of success by observing the bitcoin transactions associated with the given address.

Infection Cycle:

The Trojan uses the following PDF icon:

[Image: PDF icon used by DMA Locker]

The Trojan drops the following files to the filesystem:

%ALLUSERSPROFILE%\cryptinfo.txt (encrypted file)
%ALLUSERSPROFILE%\select.bat (encrypted file)
%ALLUSERSPROFILE%\svchosd.exe [Detected as GAV: DMALocker.D (Trojan)]
%USERPROFILE%\Start Menu\Programs\Startup\x.vbs (encrypted file)

The Trojan adds the following keys to the registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows Firewall “%ALLUSERSPROFILE%\svchosd.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows Update “%ALLUSERSPROFILE%\select.bat”
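As an added example (not code from Dell SonicWALL or from this post), the Python below checks the text output of `reg query` on the HKCU Run key for the two autostart values listed above. The sample output, the function names and the "file-only" category (same file name under a different value name) are assumptions made for illustration.

```python
import re

# Indicators from the page: Run value name -> file it launches from %ALLUSERSPROFILE%.
RUN_IOCS = {"windows firewall": "svchosd.exe", "windows update": "select.bat"}

# Constructed sample of `reg query` text output for the HKCU Run key.
# The user name and the benign OneDrive entry are made up for illustration.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Windows Firewall    REG_SZ    "C:\ProgramData\svchosd.exe"
    Windows Update    REG_EXPAND_SZ    %ALLUSERSPROFILE%\select.bat
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def parse_run_values(reg_query_text):
    """Return (value name, data) pairs found in `reg query` text output."""
    entries = []
    for line in reg_query_text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            entries.append((m.group("name"), m.group("data").strip()))
    return entries


def match_dma_locker(entries):
    """Flag Run values that launch the file names listed on the page.

    The data may be stored expanded (C:\\ProgramData\\...) or unexpanded
    (%ALLUSERSPROFILE%\\...), so only the trailing file name is compared.
    """
    hits = []
    for name, data in entries:
        lowered = data.lower()
        for ioc_name, ioc_file in RUN_IOCS.items():
            # File name must be a whole path component, ending at a quote, space or EOL.
            if re.search(r"\\" + re.escape(ioc_file) + r'(?=["\s]|$)', lowered):
                kind = "name+file" if name.lower() == ioc_name else "file-only"
                hits.append((name, data, kind))
    return hits


if __name__ == "__main__":
    for name, data, kind in match_dma_locker(parse_run_values(SAMPLE_REG_QUERY)):
        print(f"[{kind}] {name} -> {data}")
```

A hit here is a lead for triage; the dropped files listed above should then be checked on disk.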

The Trojan can be seen running in the process list:

[Image: DMA Locker in the process list]

The following ransom information is displayed on the screen of the infected machine:

[Image: DMA Locker 4.0 ransom screen]

As is the case with most other ransomware, decrypting the files on your own is nearly impossible. This is how hackers make their money off of ransomware; they play to the fear that users won’t be getting their data back. This is the reason why we always advocate that you take preventative steps to lessen the chances of your data falling victim to ransomware. Implementing a solid security solution is a great way to do so.

In the case of ransomware, the most important thing to remember is that you need to prevent your systems from getting infected before anything else. With our comprehensive IT support we can protect your business from scams such as this. We can remotely find and eliminate threats, as well as equip your business with powerful security tools to keep destructive malware out of your system.


Source: Dell SonicWALL Security Center
