Dilmalocker Ransomware Removal Guide

Dilmalocker, also spelt DilmaLocker and Dilma Locker, is a nasty ransomware infection that locks you out of your files. The Dilmalocker ransomware does not differ from other ransomware infections. It encrypts files, changes the background image, and displays a ransom message in a .html file. The most distinctive feature is that the ransomware targets Portuguese-speaking computer users who are likely to know Dilma Rousseff, the first female president of Brazil.

The reason why the creators of the infection chose this politician can be only predicted, but it seems that the image of this politician was selected because of her being accused of breaking fiscal laws. This type of threatening when politicians' names are used in ransom warnings is not a novelty. Some similar cases are known to malware researchers, not to mention a great deal of ransom notes that are supposedly issued by law enforcement agencies.

Once the Dilmalocker ransomware finds its way to your operating system, it changes the background of the desktop to an image containing Ms Rousseff and a ransom warning. The same ransom message is available in the RECUPERE_SEUS_ARQUIVOS.html file, which is located on the desktop alongside with the file of the background image background.bmp.  The same ransom note is available as the file DILMA_LOCKER_v1.hta, which is created in the directory %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup, so that the ransom note is launched every time the system loads. The threat also creates its file dilminha.dat on the desktop. All these files must be removed in order to have the infection eliminated from your PC. If you are eager to terminate the infection straight away, move down for the removal instructions to the bottom of this review.

The infection encrypts different types of files, the most important of which without a doubt are pictures, documents, video and audio files. All the files encoded by the ransomware are marked by adding the extra extension .__dilmaV1.

There are several types of data encryption used for multiple purposes by different institutions, including governments, banks, and other entities where data transmission has to  be carried out secretly and safely. The Dilmalocker ransomware uses AES 256 encryption, which is one of the most popular encryption methods. The attacker requires that you pay a ransom of 3,000 Brazilan reals in the Bitcoin currency in 4 days; otherwise, all the encrypted files are said to be deleted. Our advice is that you ignore the demand to pay the ransom fee and take action to remove the Dilmalocker ransomware from your computer.

The attacker suggests decrypting one file of your choice for free if the file is smaller than 3 MB. The selected file has to be sent to dilmaonion@keemail.me.  Even if you regain access to your file, that does not mean that you will regain access to all of the files affected by the infection. Nobody can ensure that submitting the payment will result in file decryption, so you should not encourage the attacker by making a payment.

Ransomware is usually highly damaging, so it is important to make copies of your files on a regular basis or whenever you create or get something valuable. Data backups should be stored separately so that malicious programs cannot access your sensitive information and delete it or use for other purposes. Again, paying the money required does not guarantee that the crooks behind the threat would be kind enough to restore your data back to normal. All that you should focus on at the moment is remove the infection and protect the system against thousands of other threats circulating on the Internet.

Below you will find our removal guide that will help you get rid of the unwanted application. Running a system scan is also highly recommended since this is how you can get the view of the actual security status of your operating system. Files of different complexity might be located in different folders without your knowledge. Only a reputable scanner can locate all the files that should be eliminated. In case of any questions, feel free to comment below.

How to remove the Dilmalocker ransomware

1. Check the desktop for dilminha.dat, background.bmp, RECUPERE_SEUS_ARQUIVOS.html and delete them.
2. Check the Downloads folder and other locations to which downloaded files might be saved.
3. Access the following locations to find and delete the file DILMA_LOCKER_v1.hta by using the Win+Rcommand and entering the text %ALLUSERPROFILE% and %APPDATA% separately:
   • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
   • %ALLUSERSPROFILE%\Start Menu\Programs\Startup
   • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
   • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
   • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup