DilmaLocker Ransomware
Posted: September 8, 2017
Threat Metric
The following fields listed on the Threat Meter, each of which carries a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 97 |
| First Seen: | September 8, 2017 |
| OS(es) Affected: | Windows |
The DilmaLocker Ransomware is a Trojan that gains access to your PC by pretending to be safe content and then encrypts your files. Expected symptoms of a DilmaLocker Ransomware infection include a custom extension appended to the names of any locked media, wallpaper hijackings, and pop-up alerts. Victims may recover their files through backups or accept help from third-party malware researchers for a chance at decryption, and the DilmaLocker Ransomware should be uninstalled with anti-malware products designed for detecting similar threats.
A Mascot Hijacked for Data Attacks
Although it is known primarily as a playground for banking spyware, Brazil may also be receiving new software problems in the form of harmful encryption. The new threat presenting this payload, the DilmaLocker Ransomware, is compromising PCs by pretending that its installer is a resume (using a false extension) or a package for Adobe's Acrobat Reader. Once installed, the DilmaLocker Ransomware proceeds to take the victim's files hostage.
The DilmaLocker Ransomware uses an AES-256 encryption routine for encrypting text documents and similar media while showing no symptoms of the ongoing process. All files that the DilmaLocker Ransomware encrypts display '.__dilmaV1' extensions. The Trojan completes its attacks with a brief pop-up alert and by swapping out the user's desktop image with its ransoming message.
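The '.__dilmaV1' extension is the one indicator above that an analyst can act on directly: enumerating files that carry it scopes the damage and maps each locked file back to the name it had before encryption, which is what a restore from backup needs. The following triage helper is an added example written for this article, not code from the page or from any vendor; the sample paths at the bottom are constructed, and only the extension itself comes from the text.

```python
"""Triage helper: list files carrying the DilmaLocker '.__dilmaV1' extension,
recover each file's pre-encryption name, and count locked files per directory."""
import os
from collections import Counter

LOCKED_EXT = ".__dilmaV1"  # extension the article reports DilmaLocker appends


def original_name(path):
    """Return the pre-encryption filename for a locked file, or None when the
    path does not carry the DilmaLocker extension."""
    if path.endswith(LOCKED_EXT):
        return path[: -len(LOCKED_EXT)]
    return None


def triage(paths):
    """Given an iterable of file paths (for example from a directory walk),
    return (locked, per_dir): `locked` maps each locked path to its original
    name, `per_dir` counts locked files per directory."""
    locked = {}
    per_dir = Counter()
    for p in paths:
        orig = original_name(p)
        if orig is not None:
            locked[p] = orig
            per_dir[os.path.dirname(p)] += 1
    return locked, per_dir


def walk_paths(root):
    """Yield every file path under `root`; feed the result to `triage` on a real tree."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            yield os.path.join(dirpath, name)


if __name__ == "__main__":
    # Constructed sample paths standing in for a directory walk of an infected machine.
    sample = [
        "/home/user/docs/report.docx.__dilmaV1",
        "/home/user/docs/notes.txt.__dilmaV1",
        "/home/user/docs/readme.txt",
        "/home/user/pics/holiday.jpg.__dilmaV1",
    ]
    locked, per_dir = triage(sample)
    for path, orig in locked.items():
        print(f"{path} -> restore from backup as {orig}")
    for directory, count in per_dir.items():
        print(f"{directory}: {count} locked file(s)")
```

On a live system, run `triage(walk_paths(root))` against the user profile or a mounted disk image; the per-directory counts show which shares or folders were reached, and the original names give the restore list. The scan is read-only, so it is safe to run before the cleanup step.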
Unsurprisingly, given its name, the DilmaLocker Ransomware's instructions use the theme of 'Dilma Bolada,' the Web mascot of Brazilian president Dilma Rousseff. The text also uses Portuguese, asks for payment in Brazilian Real, and gives the victim four days to pay for the decryption code. The ransoms are at the equivalent of a thousand USD or more, which makes the DilmaLocker Ransomware one of the most expensive South American file-encoding threats in malware experts' analyses.
Taking Your Computer Back from Political Mockery
While most aspects of the DilmaLocker Ransomware's payload blatantly target Brazilian PC users, encryption is capable of damaging the files of any PC without respect for its local language settings or the region of residence implied by its IP address. Since the DilmaLocker Ransomware uses at least two distinct disguises for concealing itself, users should be suspicious of any downloadable content that could serve as its infection vector, particularly email attachments. Malware researchers have yet to provide word on whether the DilmaLocker Ransomware's encryption is likely to be breakable by third parties.
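The two disguises named above (a resume carrying a false extension, and a fake Acrobat Reader package) are both filename-level deceptions, so a mail gateway or download folder can screen for them with two checks: a visible document extension that sits in front of an executable one, and a document extension on content that actually begins with the 'MZ' header every Windows executable carries. The screening functions below are an added example written for this article, not code from the page or from any vendor. The extension lists and the sample filenames are constructed for illustration; the page does not state which false extension DilmaLocker's resume lure uses, so the double-extension pattern is an assumption about the general technique rather than a claim about this sample.

```python
"""Filename and content screening for executables disguised as documents."""
import os

# Constructed lists for this example; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".rtf", ".txt", ".jpg"}


def extensions(name):
    """Return every dot-suffix of a filename, outermost last:
    'curriculo.pdf.exe' -> ['.pdf', '.exe'];  'readme' -> []."""
    parts = os.path.basename(name).lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def is_disguised_executable(name):
    """True when the real (last) extension is executable and an earlier one
    looks like a document, so the name reads as a resume or PDF at a glance."""
    exts = extensions(name)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return False
    return any(e in DOCUMENT_EXTS for e in exts[:-1])


def looks_like_pe(data):
    """True when the content starts with the 'MZ' DOS stub of a Windows executable."""
    return data[:2] == b"MZ"


def mismatched_extension(name, data):
    """True when the filename claims a document extension but the bytes are a
    PE executable, i.e. the extension itself is false."""
    exts = extensions(name)
    return bool(exts) and exts[-1] in DOCUMENT_EXTS and looks_like_pe(data)


def screen(name, data):
    """Return the list of reasons an attachment or download should be held;
    an empty list means neither disguise was detected."""
    reasons = []
    if is_disguised_executable(name):
        reasons.append("double extension hides executable")
    if mismatched_extension(name, data):
        reasons.append("document extension on PE content")
    return reasons


if __name__ == "__main__":
    # Constructed samples: a lure-style resume name with a hidden executable
    # extension, a genuine PDF, and a PE whose extension claims to be a PDF.
    samples = [
        ("curriculo.pdf.exe", b"MZ\x90\x00"),
        ("curriculo.pdf", b"%PDF-1.4"),
        ("AcrobatReader_setup.pdf", b"MZ\x90\x00"),
    ]
    for name, data in samples:
        print(name, "->", screen(name, data) or "clean")
```

The content check matters more than the name check: a mail filter that only blocks '.exe' attachments is defeated by any renamed file, whereas a PE header under a document extension is a reliable mismatch regardless of what the sender called the file. Both checks are cheap enough to run on every inbound attachment.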
Because decrypting any files that the DilmaLocker Ransomware locks is not necessarily possible, backing up your work may be the only viable way of preserving it from this threat's encryption attacks. You should avoid exposing any detached backup devices to a compromised PC until after your anti-malware solutions delete the DilmaLocker Ransomware. Detachable storage drives are highly viable recovery options against this threat, although default backups stored by Windows, such as the Shadow Copies, are at risk of being deleted without the user's consent.
A brand name can be a form of power, both for its user and its audience. However, in the DilmaLocker Ransomware's case, the advantage appears to lie with the victim, who can use this threat's symptoms to identify an infection quickly and then formulate a proper response.