Stolen Version of DMA Locker Making the Rounds
Posted by: Timothy Weaver on 06/07/2017 03:18 PM
If you have fallen victim to the DMA Locker ransomware, there may be hope.
You may not have been infected with the original malware. A threat actor stole the code and is distributing it through open Remote Desktops. You can tell the two apart by the marker at the beginning of the encrypted file. The original uses the marker !DMALOCK. The stolen program will have markers such as:
!XPTLOCK5.0
!Locked#2.0
!Locked!###
!Encrypt!##
The criminal may change the marker periodically, but the stolen version will not contain the !DMALOCK marker.
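A triage check built on the markers listed above, added here as an example and not taken from Malwarebytes or the original post: it reads the first 11 bytes of each file and sorts it into original, stolen, or unknown marker. The unknown-marker heuristic, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ORIGINAL_MARKER = b"!DMALOCK"
# Markers the article lists for the stolen build; the actor may rotate them.
STOLEN_MARKERS = (b"!XPTLOCK5.0", b"!Locked#2.0", b"!Locked!###", b"!Encrypt!##")
HEADER_LEN = 11  # length of the longest marker listed above

def classify_header(header: bytes) -> str:
    """Classify the first bytes of a file by its ransom marker."""
    if header.startswith(ORIGINAL_MARKER):
        return "original"
    if header.startswith(STOLEN_MARKERS):
        return "stolen"
    # Assumption (not from the article): a rotated marker keeps the shape '!' plus
    # printable ASCII over all 11 bytes. Plain text can match, so review by hand.
    head = header[:HEADER_LEN]
    if len(head) == HEADER_LEN and head[:1] == b"!" and all(33 <= b <= 126 for b in head):
        return "unknown-marker"
    return "no-marker"

def scan_tree(root: str) -> dict:
    """Map each file under root to its classification."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    results[path] = classify_header(fh.read(HEADER_LEN))
            except OSError:
                results[path] = "unreadable"
    return results

def demo() -> dict:
    """Scan constructed sample files (marker bytes plus padding, not real data)."""
    samples = {
        "report.doc": b"!DMALOCK" + b"\x00" * 16,
        "photo.jpg": b"!XPTLOCK5.0" + b"\x00" * 16,
        "notes.txt": b"!Sealed!4.1" + b"\x00" * 16,  # made-up rotated marker
        "clean.txt": b"plain text file\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return {os.path.basename(p): v for p, v in scan_tree(tmp).items()}

if __name__ == "__main__":
    print(demo())
```

Run `scan_tree` against a copy of the affected directory; files reported as `stolen` or `unknown-marker` are the candidates to send as samples.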
Malwarebytes has been 100% successful in decrypting the fake version. So if you are infected, send an email with a sample file to:
hasherezade@gmail.com
Source: Malwarebytes
