Mordor Ransomware is also known by the names Milene Ransomware, Game SuperCow, or SuperCow. It is a file-encrypting threat, so it might cause a lot of trouble for users who do not have any backup copies on removable media devices, cloud storage, or other places besides the infected device. If your computer got infected with this harmful application, we urge you to read the rest of the article and learn more important details about the malware. Users who are looking for a way to remove the malicious program from their system should take a look at our recommended deletion steps placed just below the report too. Of course, erasing it manually might appear to be quite difficult for some of you, and in such case, it would be advisable to employ a reliable security tool.
So far there is no information on how Mordor Ransomware is distributed. Our researchers say there are a lot of ways the malware could enter the system, but probably the possible variants are distribution via Spam emails and malicious file-sharing web pages. Therefore, the user might infect the system accidentally after opening a suspicious file downloaded through the mentioned channels. Consequently, we would advise you always to check data raising suspicion before opening; otherwise the consequences might be irreparable. To check questionable data, you could employ a reputable removal tool as it could both warn you about possible threats and keep the system protected and clean.
Once the infection’s installer starts running, Mordor Ransomware might immediately start enciphering your files with a strong encryption algorithm called AES. For instance, it could encrypt any file that has .3dm, .3ds, .sql, .mp4, .7z, .csv, .rar, .m4a, .wma, .avi, .wmv, .d3dbsp, .zip, .sie, .sum, .ibank, .bkp, .qic, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, or other targeted extensions as the actual list is a few times bigger. We should mention the malware does not target files with the .exe extension, which means it is programmed to encipher only personal user's data. All files that get encrypted should be marked with a second extension titled as .mordor. For example, if you had an image titled forest.jpg, it will look like forest.jpg.mordor after the malicious program enciphers it.
Lastly, the malicious program should drop an HTML file called READ_ME in the C:\Users\User\Desktop directory. It contains a short warning telling to go to Mordor Ransomware’s web page available on trustmordor.pw. The site allows picking either English or Russian language. Also, it should explain how to transfer the requested amount of money or in other words the ransom, but at the moment of writing it seems like there are some troubles with the site. Either way, we would not recommend putting up with any demands since there is a possibility you might be unable to get the decryption tools even after making the transfer, for example, there could be connection problems with the cyber criminal’s server, and without a strong connection it could be impossible to obtain the decryption key. Thus, we urge you not to take any chances and secure the system immediately by erasing the infection.
If you do not remember the name of the suspicious file you had launched before the system got infected, eliminating Mordor Ransomware manually could be slightly complicated. Our recommended deletion steps can suggest a few possible directories where this malicious file could be located, but as we do not know its title, we cannot be more specific. Luckily, there is an easier way to get rid of the malware if you are willing to get a reliable security tool. At first, the user should install the software. Then we would advise you to run a full system scan. After the scan, you should be able to review all identified threats, or you could remove them right away by clicking the deletion button.