EGGLocker Ransomware can lock your screen and disrupt your computer’s performance by killing processes like explorer.exe. However, our specialists say the malware might have been created also for enciphering user’s files with a strong encryption algorithm, although none of the samples so far were able to do this. As you see, such threats are usually created to extort money from users by asking to pay a ransom in exchange for a decryption tool. Of course, EGGLocker Ransomware’s creators could try to trick users, but since the screen can be unlocked with a simple system restart, the victim can learn that none of his files were enciphered rather fast. Naturally, no user would want to waste money on tools he does not need. Truth to be told, there is always a possibility the cybercriminals behind the infection may scam you. Which is why we always recommend not to take any chances; and erase the malicious application. If you need any help while removing this malware, feel free to use the instructions located below. As for more details about it, we invite you to read the rest of this report.
Threats like EGGLocker Ransomware often travel with malicious Spam emails, fake installers, and so on. At the moment of writing it is unclear how this malicious application could settle in. In fact, our specialists are not even sure users can come across it yet. That is because it is highly possible the malware is still under the development stage. Just like we explained earlier, with the current threat’s functionality we doubt cybercriminals behind it would be able to extort any money. In other words, there would be no use in distributing it right now, and if it ever gets updated, it would probably get a new name too. To protect the computer against it, we recommend installing a reliable security tool of your preferences. Moreover, users should watch out for suspicious email attachments and try not to download any doubtful data from the Internet, for example, pirated software, installers promoted via annoying pop-ups, untrustworthy freeware, data from unreliable file-sharing web pages, etc.
As mentioned earlier, the samples we tested did not encrypt any data on the computer, even though, from their codes, our specialists could see EGGLocker Ransomware was designed to target data in the %USERPROFILE%\Desktop, %USERPROFILE%\Pictures, %USERPROFILE%\Documents, %USERPROFILE%\Music, %USERPROFILE%\Favorites, %USERPROFILE%\Recent, and %AppData%\Microsoft\Windows\Cookies directories. All files located in the listed folders should be marked with the .EGG extension, for example, text.docx.EGG. What’s more, before locking the screen EGGLocker Ransomware might show a warning with text written in the Czech or English language. Besides, it could kill the processes explerer.exe, steam.exe, skype.exe, ts3client_win64, to disrupt the computer’s performance. Afterward, it should open user’s default browser and redirect to a particular site. At this point, the computer's screen should be locked, and the user may not be able to close the opened window.
Our specialists advise not to panic and restart the computer. Once the screen is unlocked you should be able to check if your files are okay; double click them and if you can launch them; it means they were not enciphered. The next step would be to eliminate EGGLocker Ransomware, and the instructions located below will tell you how to delete it manually. The other option is to acquire a reliable security tool, scan the computer with it and let it erase the threat for you by pressing the given removal button.