Home / Spyware Help / Dilmalocker Ransomware Removal Guide

Dilmalocker Ransomware Removal Guide

by 0 Comments

Do you know what Dilmalocker Ransomware is?

If you find out that Dilmalocker Ransomware has slithered onto your computer, the bad news is that you may lose all your important personal files in this malicious attack. Unfortunately, this malicious program can show up on your PC behind your back and encrypt all the targeted files in a few minutes tops. This ransomware generates a unique key that is stored on a remote server. Without this key you it is practically impossible to restore your files unless malware experts can come up with a crack and release a free tool on the web. This might happen in this case too but we have no information about such a tool as of yet. Although these cyber criminals claim that you can buy this key for a certain ransom fee, we do not encourage anyone to pay. Experience shows that it is very rare that such crooks actually send you anything other than more serious threats to extort more money from you. Our researchers believe that it is best to remove Dilmalocker Ransomware from your PC immediately without hesitation even if this may come with a price. Please note that this will not recover your files. You can only have your files back in this case if you have a backup saved in cloud storage or on a removable hard disk of some sort.

If this dangerous program managed to hit your computer, it is quite possible that you opened the wrong e-mail and viewed its attachment. This malware infection mainly spreads in spam e-mails as a disguised attached file. This file may look like an image or text document but, in reality, it is an executable file that initiates this malicious attack behind your back. While you may be busy figuring out what this file tries to show you or tell you, your files will be rendered useless in the background. This is why there is just not enough time frame for you to be able to catch this beast and stop it before the damage is done. No wonder then why you cannot delete Dilmalocker Ransomware without this great loss. Such a spam may make you believe that it is urgent for you to open it. This is mainly done by choosing the right subject line that would draw anyone's attention basically, such as a wrongly made flight booking, the use of wrong banking details in an online purchase, and so on. We advise you to always double-check mails that seem to be questionable with their sender to make sure they were meant for you to get along with the attached file.Dilmalocker Ransomware Removal GuideDilmalocker Ransomware screenshot
Scroll down for full removal instructions

It is also possible that your computer has remote desktop software (e.g., TeamViewer) installed but it is configured weakly and this can be exploited by sophisticated cyber crooks to break into your system and thus initiate this dangerous attack on your files. You may be able to prevent such an attack from happening by choosing strong passwords and configuring your software properly.

It seems that this malware infection uses the same AES-256 that most of its predecessors have used in the past. It mainly targets files that can be important to you, such as your pictures, videos, text documents, archives, and databases. Without these files your computer would become meaningless to most people and these crooks are perfectly aware of this. The infected files do not change their names; however, they get a new extension, ".__dilmaV1" that can help you identify this threat. This ransomware program also creates a couple of files on your system. For example, it drops "RECUPERE_SEUS_ARQUIVOS.html," "background.bmp, and "dilminha.dat" on your desktop as well as "DILMA_LOCKER_v1.hta" in the "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup" directory.

Upon completion this infection changes your desktop wallpaper and its own image ("background.bmp") shows up on your screen, which contains the first part of the ransom note and an image of the 36th president of Brazil, who is this infection is named after, Dilma Rousseff. Basically, this warning message informs you about the fact that your files have been encrypted and there is no other way for you to get them back unless you pay for the decryption key. In order to have the details, you have to open the .html file that is left on your desktop.

You have to transfer 3000 BRL (about 947 USD) in Bitcoins to a Bitcoin address and send an e-mail to "dilmaonion@keemail.me" in which you can also attach one file to be decrypted for free. We do not recommend that you send an e-mail or money to these criminals because it rarely ends well, to be quite frank. In this situation only your file backup can really save you from losing your files or a free tool if it might surface in the near future. We highly recommend that you do not hesitate to remove Dilmalocker Ransomware from your PC.

Fortunately, it is not too complicated to put an end to this ransomware program once it has finished its dirty job. You can simply locate all the related files and delete them from your computer. If you need help with this, you can use our guide below this article. If you care about your files and your operating system, it is important that you try to protect them with utmost care. If you cannot seem to be able to surf the web securely enough, we recommend that you install a reliable anti-malware program, such as SpyHunter to automatically safeguard your PC.

Remove Dilmalocker Ransomware from Windows

  1. Tap Win+E.
  2. Delete suspicious files from your system that you have downloaded recently. (These could be in your default download folders or where you may have chosen to save them.)
  3. Scan through the startup locations for "DILMA_LOCKER_v1.hta" and delete it if found:
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Start Menu\Programs\Startup
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
  4. Delete "RECUPERE_SEUS_ARQUIVOS.html," "background.bmp," and "dilminha.dat" from your desktop.
  5. Empty your Recycle Bin.
  6. Restart your computer.

In non-techie terms:

Dilmalocker Ransomware is your next nightmare that can hit you hard because this ransomware infection can slither onto your system without your noticing it and encrypt all your important files in order to extort money from you for the decryption key. This malware program seems to target Brazil and other Portuguese-speaking countries as concluded by our researchers. This dangerous infection can infiltrate your PC via spam mails or so-called RDP attacks (Remote Desktop Protocol). When your computer is not protected by professional security software, you need to be extra careful even going online and clicking on web content. We do not believe that it is a good idea to contact cyber criminals and pay them money, and not only because that would be like supporting cybercrime. We recommend that you remove Dilmalocker Ransomware from your computer if you want to restore your system even if this could mean losing your precious files. If you do not want to experience similar attacks in the future, we suggest that you protect your PC with a trustworthy anti-malware program ASAP.