
DMA Locker 4.0 Dissected


The ransomware scene is in disarray in light of TeslaCrypt's recent explosion; consequently, the creators of DMA Locker have set about making their malware more dangerous by releasing version 4.0.

Security investigators had no trouble designing a decrypter that recovered end users' locked files. The same happened with DMA Locker version 2.0, which emerged about 30 days later, at the beginning of February. Nonetheless, the investigators observed improvements over version 1.0.

When version 3.0 emerged at the end of February, malware analysts, for the first time, could not crack it. The sample also showed the earliest signs of an improved encryption mechanism.

After this there was a notably long break in DMA Locker's development until a few days ago, when Hasherezade, a security researcher with Malwarebytes, observed the first appearance of DMA Locker 4.0. This new edition carries several improvements, turning DMA Locker from the mediocre ransomware it was into a top one.

There are two main improvements. The first is an updated distribution method, which now employs the Neutrino Exploit Kit (NEK). Earlier, the malware had to be planted on a PC through a compromised remote desktop session; now that it is delivered through an exploit kit, many more people become its victims.

The other vital improvement is that the malware no longer needs any direct human contact. Previously, it made its victim communicate with its controller via e-mail; now there is a payment panel, and the procedure is automated: the victim receives the decryption code from the C&C system once he makes the payment. Interestingly, according to Hasherezade, DMA Locker, unlike other ransomware strains, has its ransom panel hosted in the normal environment rather than on a Tor website. Scmagazine.com posted this on May 24, 2016.

Compared with its earlier editions, DMA Locker has made massive jumps and now works nearly the way professional threats such as CryptoWall or Locky do. Hasherezade expresses the belief that a gigantic distribution campaign is going to occur.

In other respects it is the same as previous editions, asking for one Bitcoin as the ransom amount. However, it now offers the option of decrypting one test file, and there is a web link leading to a tutorial on its attack techniques.

» SPAMfighter News - 5/31/2016
