Mrlocker Ransomware

Mrlocker Ransomware was designed to lock your computer’s screen and, thus, prevent you from using it altogether. Therefore, you have to remove it in order to use your PC again. The current version of this ransomware appears to be a test version as it locks the screen, but does not offer you a way to unlock it. In all cases, ransomware asks that the user send money to its developers to get back control of the PC. If your PC has become infected with this malicious application, then you may find yourself wondering how to overcome this issue. This article is an analysis of Mrlocker Ransomware presented in simple terms. In it we discuss how this program works, how it is distributed, and, most importantly, how you can get rid of it.

Mrlocker Ransomware is similar to Cryptodevil Screen Locker, CryptoFinancial Ransomware, and YouTube Ransomware because it is a type of ransomware that was configured to lock your computer’s screen. However, it is not as bad as ransomware that encrypt files because then you would really be in trouble. If your computer becomes infected with this present ransomware, then it will overlay the desktop with its lock screen that is blue in color. The screen contains text, and it claims that you have downloaded illegal content and, as punishment, your screen has been locked. You need a code to unlock it. However, this ransomware will not provide you with the means to do that.

We believe that this program was released like this for testing purposes. The whole idea behind a program such as this is to extract money from the victims, but Mrlocker Ransomware does not do that. Perhaps the completed version will feature an email address and a Bitcoin wallet address to send Bitcoins to the cyber criminals as this crypto currency is a favorite among ransomware developers. This program’s developers leave you to deal with it on your own. The good news is that there is a way you can get rid of it. After dissecting this program, we found that the code 6269521 will unlock your PC.

Furthermore, our analysis has revealed that this program tries to imitate a Windows process while it is running in the background. It can be disguised as either "taskmgr," "cmd," or "regedit, " and you have to end this process to delete the file because you cannot do that while it is running. Furthermore, upon infection, Mrlocker Ransomware sets up a Point of Execution (PoE) in the form of a registry subkey. This subkey is set to launch this program on system start up. The subkey value name is“Mr Locker, ” and it is located at HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Also, the original file name of this ransomware is MrLocker.exe, and it can be placed in %TEMP% if you run it without downloading it as we believe it should be distributed via email spam.

Indeed, most ransomware is disseminated via email, and this is probably the case with Mrlocker Ransomware as well. Malicious emails are sent from a dedicated server to random email addresses. This ransomware is most likely included as an attachment, and if you open and run the attached file, then this ransomware will infect your PC and immediately lock its screen.

While Mrlocker Ransomware has the potential to become a highly malicious application, it certainly is not one yet. You can bypass its lock screen and remove it manually. However, if you cannot locate its main executable file we recommend you use SpyHunter’s free scanner to detect it and the go the location of the file and delete it manually. See the guide below for more information.

Removal Instructions

1. Open your web browser.
2. Go to http://www.pcthreat.com/download-sph
3. Download SpyHunter-Installer.exe and run it.
4. Launch the program and click Scan Computer Now!
5. Copy the file path of the malware from the scan results.
6. Simultaneously press Windows+E keys.
7. Enter the file path of the malware in File Explorer’s address box.
8. Press Enter.
9. Find and right-click the malicious file and then click Delete.
10. Empty the Recycle Bin.