EGGLocker Ransomware

The research revealed EGGLocker Ransomware might be still unable to encrypt any data on the infected computer, although according to our researchers it can lock user’s screen. If you think this malicious program might have settled in on your system, we recommend reading the rest of this article to learn more about it. Further, we will talk about the malware’s effective manner, possible distribution channels, and its deletion. Our researchers even prepared detailed removal instructions showing how to get rid of EGGLocker Ransomware; you can find them at the end of the text. However, before attempting to erase the threat manually, you should know no samples are working properly, which means the instructions could be slightly inaccurate and so it might be smarted to employ a reliable antimalware tool instead. In any case, if you have any doubts or questions related to the malicious program or its deletion do not forget you can contact us through the comments section below or social media.

We believe the version we might have encountered could be one of the first ones or to be more precise still a test variant. This would explain why EGGLocker Ransomware fails to encrypt any data. The question is if this malicious program could be already distributed? Our researchers say it is possible the hackers who created it may spread it among some users to test its capabilities and learn where it could fail. In which case we believe the malware might be distributed through infected email attachments. Such files could be delivered with Spam emails and so on. It is always advisable to stay away from data sent by unknown senders even if it looks harmless. For example, the malware’s launcher could be made to look like a text document, a picture, video, etc. Unfortunately, if the user launches it, the system might get infected right away. For users who still would like to check such email attachments even though they appear to be suspicious we would recommend at least scanning them with a reliable antimalware tool first.

What happens if EGGLocker Ransomware manages to enter the system? As mentioned earlier, the malicious program may attempt to locate and encrypt user’s personal data; it is just the version we tested failed to do so. Later, it was noticed the threat could create a text document containing a message: “TEST EGG LOCKERU.” If the infection ever gets updated this file could contain instructions on how to pay a ransom and get decryption tools. In other words, it could be the threat’s ransom note. Shortly after, the malicious program could open messages saying: “Your Windows might not support this software” and so on to confuse the victim. Some of them might be written in the Czech language, which means EGGLocker Ransomware might be created by hackers from the Czech Republic or it could be targeted at users living there. Later on, the malware may kill explorer.exe and some other processes. Then, it should open a window that cannot be closed.

Fortunately, our researchers know what to do to gain back the system’s control. Apparently, all you have to do is reboot the infected computer, and the screen should be unlocked. It is important to mention if EGGLocker Ransomware ever gets updated it might not be enough to reset the device normally as the research shows the victim would have to restart it in Safe Mode. Also, we learned that if the malicious program would work normally, it should encrypt files in the Desktop, Pictures, and other similar folders located in %USERPROFILE%. The encrypted data is supposed to get a second extension as well (sunset.jpg.EGG). Given the malware does not encrypt any files yet we recommend not to waste any time with it and erase it at once. To learn how one could remove such a threat manually you should follow the instructions available below. As for less experienced users, we would recommend employing a reliable antimalware tool of their choice.

Remove EGGLocker Ransomware

1. Restart the computer to unlock the screen.
2. Wait till it boots up.
3. Tap Win+E.
4. Navigate to:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
5. Check if you can find the malicious file downloaded before the computer got infected.
6. Right-click the suspicious file and press Delete.
7. If the infection’s drops ransom notes delete them too.
8. Close File Explorer.
9. Empty your Recycle bin.
10. Reboot the system.