Mordor Ransomware

What is Mordor Ransomware?

For those who are familiar with the Lord of the Rings trilogy the very title of Mordor Ransomware should make it clear it is a dangerous application as the word Mordor translates into The Black Land or The Land of Shadows. However, compared with other threats alike, the malware does not seem to be so harmful. According to our computer security specialists at, the malicious application does not lock the screen or damage data belonging to the operating system. In other words, if you encounter such threat you might lose all personal data, but at least you could still be able to use the computer normally, although we would recommend erasing the infection first. Mordor Ransomware can be eliminated manually with the instructions located below or with a reliable antimalware tool.testtesttest

How does Mordor Ransomware work?

It would seem the hackers behind Mordor Ransomware created the infection while using an open source ransomware called Hidden Tear. Apparently, the code was modified, so the newly created malicious application acts slightly differently. Also, because of this, the malware’s damaged files cannot be decrypted with a free decryption tool designed for Hidden Tear Ransomware. For the encryption process, the threat uses a secure cryptosystem known as Advanced Encryption Standard (AES). Thus, the locked files become unusable, and you cannot recover them without a unique decryption key. Users can quickly separate damaged files from unaffected ones by looking at their extension: files that were locked should have an additional one called .mordor, e.g. tree.jpg.mordor.

Soon after encrypting user’s data Mordor Ransomware should open a ransom note called READ_ME.html. The message within is written both in the English and Russian languages. Since both texts contain grammar mistakes, probably neither of them is the native language of the hacker who created the malicious application. According to the message the user should click the link provided below. As you see the website you get redirected to should explain how to make the payment and get the decryption tool in exchange. The problem is there are no reassurances the provided decryption tool will work. Meaning, there is a chance you could lose the money you pay to the malware’s creators in vain. This is why we would advise you to search for other ways to unlock encrypted files, e.g. recovery software, backup files, and so on.

How to erase Mordor Ransomware?

Unfortunately, deleting Mordor Ransomware will not restore the files it damaged, but still, it is important that you do so if you want to keep the system clean and secure. One of the ways of removing the infection is to locate data belonging to it manually, as it is explained in the instructions placed below this text. They will show you where you could have downloaded the malicious application’s launcher and how to get rid of it manually. If you prefer completing this task with automatic tools we recommend acquiring a legitimate antimalware tool. With the help of it, you could run a full system scan, during which the tool could detect even other possible threats. Therefore, if you suspect your system is insecure, the antimalware software might be the best option.

Remove Mordor Ransomware

  1. Press Win+E.
  2. Locate the mentioned directories: %TEMP%, %USERPROFILE%\desktop, %USERPROFILE%\downloads
  3. Find the malware’s launcher.
  4. Select the infected file and tap Shift+Delete.
  5. Locate the file called READ_ME.html, select it and press Shift+Delete too.
  6. Then close File Explorer and reboot the system. 100% FREE spyware scan and
    tested removal of Mordor Ransomware*

Leave a Comment

Enter the numbers in the box to the right *