
EGGLocker Ransomware

By GoldSparrow in Ransomware

The EGGLocker Ransomware is an encryption ransomware Trojan that was first observed on March 24, 2018. It is intended to encrypt files and deliver a screen locker, which prevents access to the affected computer. However, PC security researchers suspect that the EGGLocker Ransomware is currently unfinished, because it does not lock the victim's computer effectively. The EGGLocker Ransomware also does not delete the Shadow Volume copies of the affected files during its encryption process, which allows the victims of the attack to recover the encrypted files relatively easily. PC security researchers also suspect that the EGGLocker Ransomware was designed to attack computer users in Czech-speaking regions due to the content and document associated with the EGGLocker Ransomware attack.

Czech-Speaking PC Users are the Primary Targets of the EGGLocker Ransomware

Since the EGGLocker Ransomware seems to be in an unfinished state, it is difficult to know how much of the attack is functioning as intended and how much of it may change as the EGGLocker Ransomware is developed further. The EGGLocker Ransomware runs as an executable named 'EGG.exe' on the targeted computers. It renames the files it affects by adding the file extension '.EGG' to the end of each affected file's name. The EGGLocker Ransomware infection has been linked to a fake DirectX notification claiming that this application encountered a problem and needs to close, which aids the EGGLocker Ransomware in its attack. Threats like the EGGLocker Ransomware are designed to encrypt user-generated files while avoiding the Windows system files, which the victim needs in order to access the affected PC and pay the ransom amount. The following are some of the file types that are typically encrypted in these attacks:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.

When the victims close the fake DirectX notification, the website 'chickenluck.win' will be loaded automatically on their Web browser. This website is dedicated to a person named 'Krysto Foxik' with several social media and website accounts. It is unclear if the person featured in this page is involved in the EGGLocker Ransomware attack directly or if it is an individual that has been chosen by the people responsible for the EGGLocker Ransomware as part of their infection.

Dealing with the EGGLocker Ransomware Infection

Fortunately, since the EGGLocker Ransomware does not delete the Shadow Volume snapshots of the files encrypted on the victim's computer, it is relatively simple to restore the files affected by the attack. The vast majority of these threats (and possibly the EGGLocker Ransomware itself, if it is ever updated) will delete the Shadow Volume copies, which makes the files completely unrecoverable. Malware researchers counsel computer users to restore their files by using the Shadow Volume copies and to take steps to ensure that their PCs are safeguarded against threats like the EGGLocker Ransomware. The best protection against these threats includes using a security program that is fully up-to-date and keeping file backups stored in protected locations. Backups give the victims of the EGGLocker Ransomware attack the option of restoring their files easily by replacing them with backup copies.
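Before restoring from Shadow Volume copies or backups, it helps to know which files were renamed and what their original names were. The following Python script is an added example, not part of the original article or any vendor tool: it inventories files carrying the '.EGG' extension, derives the original name to restore, and notes any 'EGG.exe' sightings. The function names, the TARGETED subset of the extension list above, and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".egg"      # extension appended to encrypted files (from the article)
DROPPER = "egg.exe"  # executable name reported in the article
# Subset of the article's targeted file types; extend as needed (assumption).
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".sql", ".zip"}

def triage(root):
    """Return (restore, unknown, droppers, by_dir) for the tree under root."""
    restore, unknown, droppers = {}, [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == DROPPER:
                droppers.append(path)
            elif name.lower().endswith(MARKER):
                original = name[: -len(MARKER)]
                # Count it as encrypted only if a targeted extension sits under
                # the marker; legitimate .egg files (Python packages) go to unknown.
                if Path(original).suffix.lower() in TARGETED:
                    restore[path] = path.with_name(original)
                else:
                    unknown.append(path)
    by_dir = Counter(p.parent for p in restore)  # affected files per directory
    return restore, unknown, droppers, by_dir

def build_sample(root):
    """Create a constructed sample tree (empty files) for the demo."""
    names = ["docs/report.docx.EGG", "docs/budget.xlsx.EGG", "docs/notes.txt",
             "pics/cat.jpg.egg", "dev/setuptools-0.6.egg", "tmp/EGG.exe"]
    for rel in names:
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        restore, unknown, droppers, by_dir = triage(tmp)
        for enc, orig in sorted(restore.items()):
            print(f"restore {orig.name} (encrypted copy: {enc})")
        print("unclassified .EGG files:", [p.name for p in unknown])
        print("dropper sightings:", [str(p) for p in droppers])
```

The restore mapping gives the file names to look for in a snapshot or backup, and the per-directory counts show where the encryption reached.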
