EGGLocker Ransomware

Posted by Sarah Stewart on April 13, 2018

What is EGGLocker Ransomware?

EGGLocker Ransomware is the newest ransomware infection specialists working at anti-spyware-101.com have discovered. At the time of research, it did not lock files on users’ computers and did not drop a ransom note demanding money, so it is safe to say that this malicious application is still in development. Of course, it might be updated soon, so do not be so sure that this infection cannot slither onto your computer and cause problems. Ransomware infections do not need to get permission from users to enter their computers, so it might not be very easy to protect your system against this threat too. If it is already too late for prevention, i.e. you have already encountered EGGLocker Ransomware, you must delete this infection right away even if it has not locked any personal files belonging to you – it might get updates and lock them all one day in the future. As research conducted by our specialists has shown, this ransomware infection creates a folder named EGG on Desktop, a file EGG.txt, and kills several processes on victims’ computers, but it still cannot be called sophisticated malware because it does not make any major modifications on affected systems. As a consequence, we are sure you will delete it from the system yourself with a little help from us. No, you are not allowed to keep it active on your system.testtesttest

Where does EGGLocker Ransomware come from?

Before we provide more information about EGGLocker Ransomware and the way it has been programmed to work, we should analyze how it is distributed. We are not going to lie to you – we still do not have much information about distribution methods cyber criminals adopt to promote this infection because it, as mentioned at the beginning, is still in development and, because of this, it is not distributed actively seeking to obtain money from users. Most likely, this will soon change, so users should know how crypto-threats are usually spread to prevent EGGLocker Ransomware from entering their systems. We are not 100% sure due to the lack of evidence, but it is very likely that this infection will also be primarily spread via spam emails. These emails contain malicious links or attachments, so users end up with malware when they click on the link or download the attachment found in the email. Of course, users can also download harmful infections from the web themselves. It has been observed that such threats as ransomware are often masqueraded as trustworthy software, for example, ransomware might look like an ordinary system cleaner. This is the reason why our security specialists always recommend users to download software only from trustworthy pages and avoid torrent websites.

What does EGGLocker Ransomware do?

EGGLocker Ransomware did not encrypt any files at the time of the analysis. It only created copies of users’ files with the .EGG extension leaving original files unencrypted. Once it is finished, it displays a pop-up “Your Windows might not support this software” and opens two pages http://chickenluck.win and https://www.sazava.pw automatically. Then, the DirectX Error is displayed. Of course, when EGGLocker Ransomware is finished, it should act completely differently. Most probably, it will go to encrypt files on victims’ computers the first thing after entering their systems. It might use the same extension .EGG to mark those files. At the time of research, it dropped EGG.txt, but it did not contain any message. We are sure that this will change in the updated version of this threat too. It should drop a ransom note demanding money instead. If you have already found your files locked and the ransomware infection demands money from you, you should delete it without sending a cent to malicious software developers. The chances are high that you will not rescue your files by paying the ransom, so you should keep the money to yourself. It is usually extremely difficult to unlock files encrypted by the ransomware infection, so we cannot promise that there will be a free way to decrypt your files if EGGLocker Ransomware has already ruined them.

How to delete EGGLocker Ransomware

You do not need to have much experience in malware removal to get rid of EGGLocker Ransomware yourself because this infection does not make any modifications that would be hard to undo and, on top of that, you will not find any new components created on your system except for the EGG folder and the EGG.txt file. If you do not find our ransomware removal instructions very helpful, you can delete this infection in an easier way – using an antimalware scanner.

EGGLocker Ransomware removal guide

  1. Open Windows Explorer by pressing Win+E.
  2. Go to %USERPROFILE%\Downloads and delete recently downloaded suspicious files.
  3. Remove the EGG folder from your Desktop.
  4. Remove EGG.txt dropped by the ransomware infection.
  5. Empty Trash. 100% FREE spyware scan and
    tested removal of EGGLocker Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *