The Dell Sonicwall Threats Research team have observed yet another ransomware in the wild called DMA Locker. Ransomware remains a very lucrative business for its operators. The only way of recovering files is to pay the ransom assuming no backup is available. Don’t become the next Ransomware casualty; contact us at Symmetric IT Group to learn more about our IT Support and Managed Services in Florida.
With this ransomware we can measure some level of success by observing the bitcoin transactions associated with the given address: Infection Cycle: The Trojan uses the following PDF icon
The Trojan uses the following PDF icon:
The Trojan drops the following files to the filesystem:
%ALLUSERSPROFILE%\cryptinfo.txt (encrypted file) %ALLUSERSPROFILE%\select.bat (encrypted file) %ALLUSERSPROFILE%\svchosd.exe [Detected as GAV: DMALocker.D (Trojan)] %USERPROFILE%\Start Menu\Programs\Startup\x.vbs (encrypted file)
The Trojan adds the following keys to the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows Firewall “%ALLUSERSPROFILE%\svchosd.exe” HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows Update “%ALLUSERSPROFILE%\select.bat”
The Trojan can be seen running in the process list:
The following ransom information is displayed on the screen of the infected machine:
As is the case with most other ransomware, decrypting the files on your own is nearly impossible. This is how hackers make their money off of ransomware; they play to the fear that users won’t be getting their data back. This is the reason why we always advocate that you take preventative steps to lessen the chances of your data falling victim to ransomware. Implementing a solid security solution is a great way to do so.
In the case of ransomware, the most important thing to remember is that you need to prevent your systems from getting infected before anything else. With our comprehensive IT support we can protect your business from scams such as this. We can remotely find and eliminate threats, as well as equip your business with powerful security tools to keep destructive malware out of your system.
Don’t become the next Ransomware casualty; contact us at Symmetric IT Group to learn more about our IT Support and Managed Services in Florida.
Source: Dell SonicWALL Security Center