Danger level 7
Type: Trojans

EG83 Ransomware

EG83 Ransomware is a threat that encrypts files and displays a note demanding payment for their decryption. In other words, the malicious application does not damage your files, but makes them unreadable. The encryption process can be reversed with special decryption tools, in which case the files ought to be readable again. The bad news is that there are no guarantees that you will get the promised decryption tools. Even if you pay the ransom, there is still a possibility that you could get scammed. This is why we advise against paying the ransom if you do not want to or cannot risk losing your money in vain. We also advise deleting EG83 Ransomware, as keeping it on your system might still be dangerous. If you want to know why, as well as more details about the malware, we encourage you to read the rest of this article and check the deletion instructions placed below the text.

Threats like EG83 Ransomware are often spread through spam emails or malicious file-sharing websites. However, according to researchers, this malicious application is or was being spread through unsecured Remote Desktop Protocol (RDP) connections. It means that the hackers behind it might drop the malware on a victim’s device by gaining unauthorized access to it. To prevent this, we recommend making sure that your RDP connections are secured, or disabling them if you do not need to use them. Another thing that specialists highly recommend is having an antimalware tool that can protect your device against various malicious applications. Just make sure that it is reputable, and keep it up to date so that it can guard your system against more threats.

While testing this malicious application, our researchers noticed that it may search for local IP addresses with enabled file-sharing functionality and try to infect such devices as well. This means that EG83 Ransomware might be able to infect other machines connected to the already infected device. After entering the system, the threat should encrypt files that could be valuable, for example, photos, various documents, and similar data. Each encrypted file should be renamed: to replace the original titles, the malicious application ought to generate names from random characters. Also, each encrypted file should be marked with a prefix ([Evagreps83@yahoo.com]) and an extension (.EG83), for example, [Evagreps83@yahoo.com].wiyQKaCI-b1E1EIpZ.EG83. Thus, victims of the malware might be unable to recognize their files once they get encrypted.

Once EG83 Ransomware encrypts the files that it targets, the application should replace the user’s wallpaper with a picture that shows a message written in red. This message should say that if a user wants to decrypt his files, he should contact the malware’s developers and pay a ransom. In exchange for paying, the hackers promise to send decryption tools via email. A similar message should be available in text documents called !EG83_INFO!.rtf that ought to appear in every directory that contains encrypted files. However, the text in the mentioned document should be longer and contain more explanations on how to get your data back. It should even contain a suggestion that says users can send 3 small files for free decryption.
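The file markers described above (the [Evagreps83@yahoo.com] prefix, the .EG83 extension, and the !EG83_INFO!.rtf note) can be used to check how far the encryption reached on a disk or a mounted share. The script below is an added example, not part of the original article; its function names are hypothetical, and it assumes the random part of a file name may contain any characters.

```python
import os
import re
import sys
from collections import defaultdict

# Markers taken from the article: ransom note name, file prefix and extension.
NOTE_NAME = "!EG83_INFO!.rtf"
# Assumption: the random middle part is any non-empty run of characters.
ENCRYPTED_RE = re.compile(r"^\[Evagreps83@yahoo\.com\]\..+\.EG83$", re.IGNORECASE)


def classify(filename):
    """Return 'note', 'encrypted' or None for a bare file name."""
    if filename.lower() == NOTE_NAME.lower():
        return "note"
    if ENCRYPTED_RE.match(filename):
        return "encrypted"
    return None


def scan_tree(root):
    """Walk root; return {directory: {'note': n, 'encrypted': n}} for affected dirs."""
    hits = defaultdict(lambda: {"note": 0, "encrypted": 0})
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            kind = classify(name)
            if kind:
                hits[dirpath][kind] += 1
    return dict(hits)


def summarize(hits):
    """Return (affected_dirs, encrypted_total, dirs_with_encrypted_files_but_no_note)."""
    encrypted_total = sum(h["encrypted"] for h in hits.values())
    missing_note = sorted(d for d, h in hits.items() if h["encrypted"] and not h["note"])
    return len(hits), encrypted_total, missing_note


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    found = scan_tree(root)
    dirs, total, missing = summarize(found)
    for d, h in sorted(found.items()):
        print(f"{d}: {h['encrypted']} encrypted, {h['note']} note(s)")
    print(f"{dirs} affected directories, {total} encrypted files")
    print(f"directories with encrypted files but no note: {missing}")
```

The script only reads directory listings and changes nothing, so it can be run before the removal steps to record which folders need to be restored from backup.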

What is vital to understand is that even if the hackers prove that they have decryption tools, it does not mean that they will have them forever or that they will deliver them. In other words, you could be scammed even if you put up with their demands, and so paying the ransom is risky. Consequently, we advise against it if you have no wish to risk your money as well as fund cybercriminals. If that is the case, we advise deleting EG83 Ransomware with no hesitation. In fact, as we mentioned earlier, it would be safer to eliminate the malware since it might be able to connect to other devices and encrypt data on them as well. If you want to try to erase EG83 Ransomware manually, you could use the instructions placed below. If the task seems to be too complicated or you want to be sure that the threat gets eliminated, we recommend employing a reputable antimalware tool that would remove it for you.

Restart the computer in Safe Mode

Windows 8/Windows 10

  1. Press Win+I for Windows 8 or open Start menu for Windows 10.
  2. Click the Power button.
  3. Press and hold Shift, then click Restart.
  4. Pick Troubleshoot and choose Advanced Options.
  5. Go to Startup Settings and click Restart.
  6. Press F5 and restart the PC.

Windows XP/Windows Vista/Windows 7

  1. Go to Start, select Shutdown options, and pick Restart.
  2. Press and hold F8 when the PC starts restarting.
  3. Select Safe Mode with Networking.
  4. Press Enter and log on.

Remove EG83 Ransomware

  1. Press Win+E.
  2. Find these paths:
    %TEMP%
    %USERPROFILE%\Downloads
    %USERPROFILE%\Desktop
  3. Locate the malicious application’s launcher (some suspicious file created or downloaded right before the infection appeared).
  4. Right-click it and select Delete.
  5. Locate files called !EG83_INFO!.rtf, right-click them, and select Delete.
  6. Find this directory: %APPDATA%
  7. Find a suspicious .BMP file, for example, aLsQR91z.bmp, right-click it, and choose Delete.
  8. Exit File Explorer.
  9. Empty Recycle Bin.
  10. Restart the computer.