
MadLocker/DMA Ransomware

By CagedTech in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: December 28, 2015
OS(es) Affected: Windows

The MadLocker Ransomware uses a technique reminiscent of DoS (Denial of Service) malware variants that have been in operation for years, at least since 2003. The variants of the MadLocker Ransomware, also known as DMA Locker, are particularly threatening because they have Direct Memory Access (DMA), which allows them to carry out their attacks directly in the affected computer's memory instead of relying on a file dropped on the victim's machine. The earliest threat variants that used this approach would lock Yahoo! accounts for 24 hours in a crude attempt to extract a ransom from the victim. Other variants with this feature were also used to carry out Denial of Service attacks on specific servers as a way of locking computer users out of their online accounts. The MadLocker Ransomware is a variant of CryptoLocker, the infamous ransomware Trojan from the early stages of the wave of ransomware attacks that has been growing over the last few years. However, the main feature that makes the MadLocker Ransomware stand out from related variants is its ability to operate directly in memory by hooking its corrupted code into other running processes.

The Damage Caused by the MadLocker Ransomware and Other Ransomware Infections

The MadLocker Ransomware carries out a common ransomware tactic, similar to the countless variants of CryptoLocker and similar ransomware Trojans. Threats like the MadLocker Ransomware are used to take over a computer, encrypt the victim's files, and demand the payment of a ransom. The steps involved in the MadLocker Ransomware tactic are as follows:

  1. The MadLocker Ransomware is usually delivered through corrupted spam email attachments or embedded links that lead to attack websites, which use a threatening component to target visitors' computers. Common ways of distributing threats such as the MadLocker Ransomware include social engineering tactics and exploit kits that take advantage of unpatched or outdated software on the victim's computer.
  2. Once the MadLocker Ransomware enters a computer, it scans the victim's drives systematically and encrypts media and document files. Threats like the MadLocker Ransomware target files that usually contain important data but whose loss will not affect the computer's operation. In this way, the MadLocker Ransomware takes the victim's computer hostage without disabling the victim's operating system.
  3. The MadLocker Ransomware displays a ransom note, usually by dropping text files on the victim's hard drive, changing the victim's Desktop wallpaper, and making the affected computer's Web browser display a message with payment instructions.
  4. The messages displayed by the MadLocker Ransomware instruct the victim to pay a ransom using an anonymous payment method such as Ukash, Bitcoin, PaySafeCards or similar. The preferred payment method of modern ransomware variants is a cryptocurrency like Bitcoin, usually paid anonymously through Tor.

Dealing with a Threat Such as the MadLocker Ransomware

If the MadLocker Ransomware has encrypted your files, PC security researchers strongly advise against paying the ransom. Unfortunately, files encrypted by the MadLocker Ransomware and similar ransomware can seldom be recovered. In some cases they can be restored from Shadow Volume Copies, although threats like the MadLocker Ransomware will usually delete the shadow copies of the files they encrypt. There are also decryption utilities that have proven useful for files encrypted by other ransomware variants; it may be worth attempting decryption with them, since many ransomware infections simply reuse code from other variants. The best protection against the MadLocker Ransomware and similar infections, however, is prevention. PC security researchers strongly advise computer users to keep backups (either in the cloud or on an external storage device) so that, even if compromised, they can wipe their hard drives and restore the encrypted files from the backup.


File System Details

MadLocker/DMA Ransomware may create the following file(s):
  #   File Name      MD5                                Detections
  1.  fakturax.exe   6fbd3cdcafd6695c384a1119873786aa   1
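
Added example, not code from the page or from SpyHunter: a Python sweep that walks a directory tree and checks every file against the indicator in the table above, matching by MD5 first (a dropped binary may be renamed) and by file name only as a lower-confidence fallback. The sample tree, the decoy file and the second, made-up indicator used in the demo are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicator from the page's File System Details table (file name -> MD5).
MADLOCKER_INDICATORS = {"fakturax.exe": "6fbd3cdcafd6695c384a1119873786aa"}

def md5_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def sweep(root: Path, indicators: dict[str, str]) -> list[tuple[str, str, str]]:
    """Return (path, kind, md5) per matching file: kind "hash" means the digest is
    known bad whatever the file is called; "name" is a lower-confidence name-only hit."""
    bad_hashes = {h.lower() for h in indicators.values()}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                digest = md5_of_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if digest in bad_hashes:
                hits.append((str(path), "hash", digest))
            elif name.lower() in indicators:
                hits.append((str(path), "name", digest))
    return hits

def demo() -> list[str]:
    """Sweep a constructed sample tree; return the sorted kinds of hits found."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "invoice.txt").write_bytes(b"benign document")  # no hit
        # Constructed decoy: indicator's file name but other content -> "name" hit.
        (root / "fakturax.exe").write_bytes(b"not the real sample")
        # Constructed payload under another name; its digest is registered as a
        # made-up extra indicator to show that a renamed copy still gives a "hash" hit.
        payload = b"constructed sample payload"
        (root / "docs" / "renamed.bin").write_bytes(payload)
        indicators = dict(MADLOCKER_INDICATORS)
        indicators["constructed_sample.exe"] = hashlib.md5(payload).hexdigest()
        return sorted(kind for _path, kind, _digest in sweep(root, indicators))
```

A name-only hit on a file whose hash does not match should be treated as a lead to inspect, not as confirmation of infection.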