
.EG Virus File (MedusaLocker Ransomware) – Remove It

Has the .EG file extension been placed on all of your files? .EG Virus File, also known as MedusaLocker ransomware, locks files on a computer and demands a ransom payment for unlocking them.


MedusaLocker Ransomware (.EG Virus File)

MedusaLocker, otherwise known as .EG Virus File, is a ransomware-type virus. It encrypts files and appends the .EG extension to them, making them inaccessible. All encrypted files will receive the new extension. The MedusaLocker ransomware drops a ransom note, which gives instructions to victims on how they can allegedly restore their data by paying a ransom fee.

MedusaLocker Ransomware Virus

MedusaLocker Ransomware will encrypt all types of files such as audio, video, pictures, backups, banking data and other personal user files found on a compromised computer system.

.EG Virus Summary

Name: .EG Virus
File Extension: .EG
Type: Ransomware, Cryptovirus
Short Description: The ransomware encrypts files on your computer system and demands a ransom to be paid to allegedly recover them.
Symptoms: The MedusaLocker ransomware will encrypt your files by appending the .EG extension to them.
Ransom Demanding Note: Recovery_Instructions.html
Distribution Method: Spam Emails, Email Attachments

.EG Virus File – How Did It Infect My PC and What Happened?

.EG Virus File might spread its infection via a payload dropper, which initiates the malicious script for this ransomware. The virus might also distribute its payload file on social media and file-sharing services. Freeware found on the Web can be presented as helpful while also hiding the malicious script for the cryptovirus.

The ransomware encrypts your files and shows its instructions inside a ransom note called Recovery_Instructions.html.

The note states the following:

YOUR PERSONAL ID:
D59994A63BC1F4AEF34D04BA61832D50DF5E42049366B8667 [1024 characters in total]
/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!
Your files are safe! Only modified. (RSA+AES)
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
No software available on internet can help you. We are the only ones able to
solve your problem.
We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..
We only seek money and our goal is not to damage your reputation or prevent
your business from running.
You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.
Contact us for price and get decryption software.

* Note that this server is available via Tor browser only
Follow the instructions to open the link:
1. Type the addres “https://www.torproject.org” in your Internet browser. It opens the Tor site.
2. Press “Download Tor”, then press “Download Tor Browser Bundle”, install and run it.
3. Now you have Tor browser. In the Tor Browser open “{{URL}}”.
4. Start a chat and follow the further instructions.
If you can not use the above link, use the email:

dec_helper@dremno.com

dec_helper@excic.com

Make contact as soon as possible. Your private key (decryption key)
is only stored temporarily.
IF YOU DON’T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.

You should NOT under any circumstances pay any ransom sum.

The extortionists want you to pay a ransom for the alleged restoration of your files, as is the case with many ransomware viruses. .EG Virus File ransomware could make entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows system. All encrypted files will receive the .EG extension. Audio, video and image files, as well as documents, backups and banking data, can be encrypted by the ransomware.
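To scope the damage before cleanup, the two indicators named above (the .EG extension and the Recovery_Instructions.html note) can be inventoried with a read-only script. This is an added example, not code from the original article; the case-insensitive matching, the use of the oldest modification time as an estimate of when encryption began, and the sample file names are assumptions.

```python
import os
import tempfile

NOTE_NAME = "recovery_instructions.html"  # ransom note name given on the page
LOCKED_EXT = ".eg"                         # appended extension given on the page

def scope_damage(root):
    """Summarise encrypted files and ransom notes under root (read-only)."""
    report = {"locked": {}, "notes": [], "per_dir": {}, "earliest": None}
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                report["notes"].append(path)
            elif lower.endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                # Map encrypted path -> original name for the restore list.
                report["locked"][path] = name[:-len(LOCKED_EXT)]
                rel = os.path.relpath(dirpath, root)
                report["per_dir"][rel] = report["per_dir"].get(rel, 0) + 1
                # Assumption: the rewrite updated mtime, so the oldest one
                # approximates when encryption started.
                mtime = os.stat(path).st_mtime
                if report["earliest"] is None or mtime < report["earliest"]:
                    report["earliest"] = mtime
    return report

def demo():
    """Build a constructed sample tree in a temp dir and scope it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "docs/budget.xlsx.EG": 1_700_000_300,
            "docs/notes.txt.eg": 1_700_000_100,
            "docs/Recovery_Instructions.html": 1_700_000_400,
            "pics/cat.jpg": 1_600_000_000,  # untouched file
        }
        for rel, mtime in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample")
            os.utime(path, (mtime, mtime))
        return scope_damage(root)

if __name__ == "__main__":
    r = demo()
    print(len(r["locked"]), "encrypted,", len(r["notes"]), "notes,",
          "earliest mtime", r["earliest"])
```

The per-directory counts show which shares or profiles need restoring from backup, and the earliest timestamp narrows the window to search in logs for the initial execution.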

The .EG Virus File could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:

vssadmin.exe delete shadows /all /Quiet
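Because this command removes the local restore points, it is worth alerting on wherever process-creation logging is collected. The following detection sketch is an added example, not part of the original article; the event field names, host names and log records are constructed, and it only assumes that command lines are available in the style of Sysmon Event ID 1 or Security event 4688.

```python
# Constructed process-creation records: the host, image and command-line
# fields of a Sysmon Event ID 1 / Security 4688 style event.
SAMPLE_EVENTS = [
    {"host": "WS-014", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": r"vssadmin.exe delete shadows /all /Quiet"},
    {"host": "WS-015", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": r'"C:\Windows\System32\VSSADMIN.EXE" Delete Shadows /QUIET /ALL'},
    {"host": "SRV-02", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c "vssadmin delete shadows /all /quiet"'},
    {"host": "SRV-03", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": r"vssadmin list shadows"},                    # benign inventory
    {"host": "WS-020", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\notes\vssadmin-howto.txt"},  # name in a path
]

def shadow_delete_hit(cmdline):
    """Return the flags of a 'vssadmin delete shadows' call, else None."""
    # Quotes only group tokens here, so drop them; Windows ignores case.
    tokens = cmdline.replace('"', " ").lower().split()
    for i, tok in enumerate(tokens):
        if tok.rsplit("\\", 1)[-1] in ("vssadmin", "vssadmin.exe"):
            args = tokens[i + 1:]
            if args[:2] == ["delete", "shadows"]:
                flags = {a for a in args[2:] if a.startswith("/")}
                return {"all": "/all" in flags, "quiet": "/quiet" in flags}
    return None

def scan(events):
    """Return one alert per event that deletes shadow copies."""
    alerts = []
    for ev in events:
        hit = shadow_delete_hit(ev["cmdline"])
        if hit is not None:
            # /all with /quiet matches the command on the page exactly.
            severity = "high" if hit["all"] and hit["quiet"] else "medium"
            alerts.append({"host": ev["host"], "severity": severity,
                           "cmdline": ev["cmdline"]})
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["severity"], alert["host"], alert["cmdline"])
```

Matching on parsed tokens rather than a fixed string catches changes in case, path and flag order, and the call wrapped in cmd.exe, while ignoring `vssadmin list shadows` and file names that merely contain the word.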

Remove .EG Virus File

If your computer got infected with the .EG Virus File, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible, before it has the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instruction guide provided below.

Tsetso Mihailov


Tsetso Mihailov is a tech-geek and loves everything that is tech-related, while observing the latest news surrounding technologies. He has worked in IT before, as a system administrator and a computer repair technician. Dealing with malware since his teens, he is determined to spread word about the latest threats revolving around computer security.
