
DilmaLocker Ransomware

By CagedTech in Ransomware

The DilmaLocker Ransomware is an encryption ransomware Trojan. The main purpose of these infections is to take the victim's computer hostage and demand a ransom payment. To do this, the DilmaLocker Ransomware uses a strong encryption algorithm to make the victim's files inaccessible and then demands a ransom payment from the victim. This is a typical attack pattern that has been observed in countless other encryption ransomware Trojans. These attacks spiked in popularity in 2017, after gradually increasing their presence in the wild over the last few years. This rise in their incidence can be attributed to numerous factors, which include the rise of RaaS (Ransomware as a Service) offerings, as well as the easy availability of open source ransomware platforms and encryption engines. It is more necessary than ever to protect your data preemptively from attacks like the DilmaLocker Ransomware.

The DilmaLocker Ransomware is Another Political-Themed Threat

In its attack, the DilmaLocker Ransomware uses AES-256 encryption to make the victim's files inaccessible and then adds the file extension '.__dilmaV1Trojan' to each affected file's name. After encrypting the victim's data, the DilmaLocker Ransomware drops three files on the infected computer's desktop. These files, named background.bmp, dilminha.dat, and RECUPERE_SEUS_ARQUIVOS.html, contain the DilmaLocker Ransomware's ransom note and other information related to the attack. The BMP and HTML files contain the ransom note as an image and in a Web link format.

How the DilmaLocker Ransomware Delivers Its Ransom Demand

The DilmaLocker Ransomware's ransom note is written in Portuguese, and it is clear that the DilmaLocker Ransomware targets computer users in Brazil and Portugal. The ransom note informs the victim of the attack and demands a ransom of 3000 Reais (close to 1000 USD at the current exchange rate). The DilmaLocker Ransomware claims that the victim's files will be deleted if the ransom is not paid within four days. However, you should ignore these threats and refrain from contacting the people responsible for the DilmaLocker Ransomware attack. In fact, it is common for con artists to simply ignore the victim after the payment is made.

The people responsible for the DilmaLocker Ransomware attack claim that they will decrypt a small file (no larger than 3 MB) and also negotiate with the victim if the ransom is not affordable. Inexperienced computer users may be lured by these offers from the con artists, but PC security researchers strongly advise computer users to ignore them and refrain from paying any ransom. The full Portuguese text of the DilmaLocker Ransomware ransom note reads:

'Oops, todos os seus arquivos foram criptografados!!!
Seus documentos: fotos, vídeos, bancos de dados e outros arquivos importantes foram criptografados utilizando o algoritmo AES de 256 bits (mesma criptografia utilizada pelo governo americano para proteger segredos de estado), ou seja, é impossível recuperar seus arquivos sem a senha correta!
Caso haja interesse em obter essa senha e recuperar seus arquivos, recomendamos que entre em contato e siga as instruções!
Em 4 dias seus arquivos serão DELETADOS!
Leia o arquivo 'RECUPERE_SEUS_ARQUIVOS.html' que foi criado em sua área de trabalho.
Contato: dilmaonion@keemail.me'

Protecting Your Data from the DilmaLocker Ransomware and Similar Threats

The DilmaLocker Ransomware is very similar to other encryption ransomware Trojans active today. Due to the high volume of these attacks, it is paramount to take steps to protect your files. The best protection against the DilmaLocker Ransomware and similar threats is to have a reliable backup system on the cloud or an external device. With file backups, computer users can restore their files from the backup instead of having to trust the people responsible for the DilmaLocker Ransomware to keep their word after the large ransom demand is paid.
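
A triage script built on the indicators this article lists (the appended extension and the three files dropped on the desktop), added here as an example and not taken from the article or from any vendor tool: it walks a directory tree, flags renamed files and dropped notes, and lists the original file names to restore from backup. The function names, the prefix match on the extension, the rule that background.bmp only counts beside one of the other two files, and the sample tree are assumptions of this example.

```python
import os
import tempfile
from pathlib import Path

# Indicators as printed in the article. EXT_MARKER is matched as a prefix of the
# final suffix (an assumption of this example) so variants are caught too.
EXT_MARKER = ".__dilmaV1"
STRONG_NOTES = {"dilminha.dat", "recupere_seus_arquivos.html"}
WEAK_NOTES = {"background.bmp"}  # generic name: counted only beside a strong one

def triage(root):
    """Return (encrypted, notes, restore) as paths relative to root.
    restore holds the original names (marker suffix stripped) to pull from backup."""
    root = Path(root)
    encrypted, notes, restore = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        here = Path(dirpath)
        strong_here = here.name.lower() == "desktop" and any(
            f.lower() in STRONG_NOTES for f in files)
        for name in files:
            suffix = Path(name).suffix
            if suffix.startswith(EXT_MARKER):
                encrypted.append((here / name).relative_to(root))
                restore.append((here / name[: -len(suffix)]).relative_to(root))
            elif strong_here and name.lower() in STRONG_NOTES | WEAK_NOTES:
                notes.append((here / name).relative_to(root))
    return sorted(encrypted), sorted(notes), sorted(restore)

def verdict(encrypted, notes):
    """Renamed files plus a dropped note is the strongest signal."""
    if encrypted and notes:
        return "likely-infected"
    return "suspicious" if encrypted or notes else "clean"

def build_sample(root):  # constructed sample tree of empty files for the demo
    for rel in ("Users/ana/Desktop/background.bmp",
                "Users/ana/Desktop/RECUPERE_SEUS_ARQUIVOS.html",
                "Users/ana/Documents/plan.xlsx" + EXT_MARKER,
                "Users/ana/Documents/untouched.txt",
                "Users/rui/Desktop/background.bmp"):
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        enc, notes, restore = triage(tmp)
        print(verdict(enc, notes), [str(p) for p in restore])
```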
