Do you know what EG83 Ransomware is?
There is no need to explain why EG83 Ransomware is a dangerous threat if it has invaded your operating system already. This malware encrypts files in a very destructive way. First of all, it encrypts all personal files. It does not look like it spares anything. Second, it changes the names of your files, and so it can be difficult to navigate through the mess and figure out what exactly has happened. According to our research team, when files are encrypted, the original filename is changed to random characters, and then a prefix and an extension are added. For example, a file named “schedule.doc” should be changed to “[Evagreps83@yahoo.com].{random-random}.EG83.” Can you delete the prefix and extension and also change the name? You might be able to do that, but that will not reverse the encryption. Even removing EG83 Ransomware will not do that.
It is important to understand how EG83 Ransomware works. According to our research team, the creator of this infection relies on unsecured RDP connections. If the threat manages to invade one system, local IP addresses with file-sharing enabled are searched, and if any are found, the linked computers get infected too. It appears that the infection is deleted after files are encrypted on all available machines, but we cannot guarantee that there are no malware components for you to remove. Please remember that. EG83 Ransomware is not the first threat to operate in this manner. In fact, it has clones that work the same way, including BDDY Ransomware, Matrix-NEWRAR Ransomware, and Matrix-EMAN Ransomware. They are part of the Matrix Ransomware family, and every single variant can create a huge mess. After entrance and encryption, these threats can even delete shadow volume copies to ensure that files cannot be restored using a system restore point.
EG83 Ransomware drops a {random name}.jpg file in %APPDATA%, and a file named “!EG83_INFO!.rtf” in every single affected location. The first file replaces the Desktop wallpaper to introduce a message, and the .RTF file needs to be opened for a message to appear. While the second message is more detailed, both instruct the victim to email Evagreps83@yahoo.com, Evagreps83@protonmail.com, or Evagreps83@aol.com. Victims are informed that an “automatic decryption tool” and a “unique decryption key” can salvage all encrypted files. It is also stated that three files can be decrypted for free, which is the only time money is mentioned in any way. That being said, there is no doubt that if you contacted the attacker, they would instruct you to pay for the tool and the key. Obviously, you cannot trust cybercriminals, and you certainly cannot trust that you would get your files decrypted after paying a ransom. Even contacting the attackers via email is dangerous, and so we do not recommend exposing yourself to more problems.
Can you decrypt the files corrupted by EG83 Ransomware yourself? That is unlikely to be the case. A free tool that could solve the issue did not exist at the time of research either. So, what are you supposed to do? If you have backup copies, you can replace the files after deleting EG83 Ransomware. If you do not have that option, you might need to count your losses. Should you take the risk of communicating with cybercriminals and paying the ransom? We do not recommend it. As for the removal, the threat is likely to be eliminated automatically, but you should look into leftovers. You can use a free malware scanner, or better yet, employ an anti-malware tool that will automatically scan the system, delete threats, and provide protection.
Remove EG83 Ransomware
- Delete recently downloaded suspicious files.
- Set the desired Desktop wallpaper.
- Simultaneously tap Win+E to access File Explorer.
- Enter %APPDATA% into the field at the top.
- Right-click and Delete the {random}.bmp file that took over the wallpaper.
- Right-click and Delete all copies of !EG83_INFO!.rtf (in affected folders).
- Empty Recycle Bin and install a trusted malware scanner.
- Run a system scan to detect leftovers if they exist.
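To see which folders were hit before cleaning up, the PowerShell script below inventories the ransom notes and renamed files described above. It is an added example, not part of the original guide or any vendor tool. The `$Root` parameter, the CSV file name, and treating the random part of the filename as "any characters" are assumptions.

```powershell
# Added example: read-only inventory of EG83 artifacts. Nothing is deleted.
param(
    # Assumption: folder, drive or share to scope; defaults to the user profile.
    [string]$Root = $env:USERPROFILE
)

# Indicators taken from the article text.
$NoteName  = '!EG83_INFO!.rtf'
$Prefix    = '[Evagreps83@yahoo.com].'
$Extension = '.EG83'

# Renamed form per the article: prefix + random characters + extension.
# The prefix holds regex metacharacters, so escape it instead of hand-writing it.
$Pattern = '^' + [regex]::Escape($Prefix) + '.+' + [regex]::Escape($Extension) + '$'

$findings = @(
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $kind = if ($_.Name -eq $NoteName) { 'RansomNote' } elseif ($_.Name -match $Pattern) { 'EncryptedFile' }
            if ($kind) {
                [pscustomobject]@{
                    Kind     = $kind
                    Folder   = $_.DirectoryName
                    Name     = $_.Name
                    Modified = $_.LastWriteTime
                }
            }
        }
)

# Per-folder counts show which locations need restoring from backup.
$findings | Group-Object Folder | ForEach-Object {
    [pscustomobject]@{
        Folder         = $_.Name
        EncryptedFiles = @($_.Group | Where-Object { $_.Kind -eq 'EncryptedFile' }).Count
        RansomNotes    = @($_.Group | Where-Object { $_.Kind -eq 'RansomNote' }).Count
    }
} | Sort-Object EncryptedFiles -Descending | Format-Table -AutoSize | Out-Host

# Image files sitting directly in %APPDATA%, plus the configured wallpaper path,
# help pick out the dropped wallpaper file for manual review.
Get-ChildItem -LiteralPath $env:APPDATA -File -Force |
    Where-Object { $_.Extension -in '.jpg', '.bmp' } |
    Select-Object FullName, CreationTime | Format-List | Out-Host
(Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop').Wallpaper

# Assumption: the CSV name is arbitrary; the file serves as a restore checklist.
$findings | Export-Csv -Path (Join-Path $PWD 'eg83-inventory.csv') -NoTypeInformation
```

Run it before deleting the !EG83_INFO!.rtf notes, because the notes mark every affected folder and make the inventory more complete.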
In non-techie terms:
Decrypting the files corrupted by EG83 Ransomware might be impossible, and that is why some victims might decide to contact the attackers behind it and then pay a ransom. Exposing yourself to cybercrooks is dangerous, and paying the ransom is likely to be a futile effort to get a decryptor. We suggest focusing on the removal of EG83 Ransomware instead. Even though your files will remain encrypted after this, your system will be safer, and you will be able to replace the corrupted files with backup copies if you own them. In the future, we recommend securing your system with a trusted anti-malware tool if you want to ensure that malware cannot get in and damage your files or your entire operating system.