MadLocker/DMA Ransomware Removal Guide

Do you know what MadLocker/DMA Ransomware is?

If you are introduced to a notification by MadLocker/DMA Ransomware (also known as DMA-Locker) from your desktop, there is no doubt that a ransomware infection has slithered in. Our research team found that this ransomware usually spreads via spam emails. If you do not wish to attract malware in the future, make sure that you delete spam emails without even opening them. Certainly do not download and open unfamiliar attachments or click on any links provided via spam emails. It was also found that malicious installers could be used for the distribution of this ransomware as well. Keep in mind that malware could hide behind authentic-looking installers, and you have to be extra cautious. If you are unable to keep malicious software away, you will have to delete it from your PC. This report discusses the removal of MadLocker/DMA Ransomware.

Do you value your personal photos and videos, as well as documents? If you truly do, you will have them backed up using a storage device or an online backup system. If this is the case, you can delete MadLocker/DMA Ransomware without further hesitation, remove the corrupted files, and replace them with the backup copies. Unfortunately, there are still many computer users who are careless with how they handle their own security, as well as the security of their personal files. These careless users are the ones that cyber criminals are after because they are the ones that are most likely to pay the ransom. This ransom is represented via a pop-up message that opens in a new window.MadLocker/DMA Ransomware Removal GuideMadLocker/DMA Ransomware screenshot
Scroll down for full removal instructions

There are plenty of well-known ransomware, including Chimera Ransomware and Shade Ransomware, that attach identifying extensions to the files encrypted. MadLocker/DMA Ransomware does not add an extension; however, if you cannot open a file, it must have been encrypted by this threat. In order to decrypt these files, you are urged to pay for a decryption key, and you might be asked any kind of sum in Bitcoins. It is most likely that you will be asked to pay 1 BTC, which, at the time of research, is about 430 USD. However, we have seen samples where users are asked 15 BTC (~6500 USD)! In either case, the price is high, and we do not advise rushing with the payment, especially if your files are already backed up.

The message provided by MadLocker/DMA Ransomware provides two additional links. One leads to an article on to push users into paying the ransom. The second link leads to a Wikipedia page that explains the Bitcoin currency. After this, the message lists the steps that you are required to make to decrypt personal files. This includes paying money, contacting the creators of ransomware, and applying the private decryption key into an appropriate box. Will this work? We cannot guarantee this; however, we can guarantee that your virtual security will remain vulnerable even if you have all of your personal files decrypted. Therefore, whether you choose to pay the ransom, lose the files, or use backup copies, you have to think about malware removal, as well as Windows protection.

The removal of MadLocker/DMA Ransomware is not very complicated. Once you remove the main executable and a registry entry, the infection should be eliminated. Unfortunately, successful removal does not mean that your files will be decrypted. You also need to keep in mind that other infections could have invaded your PC, or they could do that in the future. Until you take care of your virtual protection, you will be at risk of attracting all kinds of malware. Due to this, we suggest supporting your operating system with trusted antimalware software. If you install the right software, you will not need to worry about the removal of active computer infections, as well as full-time protection. Of course, you cannot forget to install all necessary updates; otherwise, the protection will not be well rounded. Do not forget to employ the right tools even if you manage to delete all malicious infections manually.

How to delete MadLocker/DMA Ransomware

  1. Launch Explorer (Win+E) and enter C:\ProgramData into the address bar.
  2. Find the ransomware executable (random letters in name) and Delete it.
  3. Tap Win+R on your keyboard to launch the RUN dialog box.
  4. Type regedit and click OK to launch the Registry Editor.
  5. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  6. Delete cssys with value data C:\ProgramData\ntserver.exe

In non-techie terms:

MadLocker/DMA Ransomware is an infection that you need to handle as soon as possible. Although all users need to delete this threat – and we offer two different options in this report – everything you do prior to this is your decision. Hopefully, your personal files are backed up, and you do not need to worry about their decryption. If your files are not backed up, you either need to forget about them or you can try to pay the ransom. This is not what we recommend, considering that cyber criminals cannot be trusted, and your payment could be wasted. All in all, you have to weigh all pros and cons before you make any final decisions regarding the removal of this ransomware.