Mrlocker Ransomware

What is Mrlocker Ransomware?

Mrlocker Ransomware is a recently discovered malicious program that our malware analysts say was designed to lock your computer’s screen, unlike most ransomware, which encrypts your files. The good news is that you can remove this screen-locking ransomware and not suffer any of the consequences. It appears that this program is still under development, as there is only one unlocking code and it works for all infected computers. To find out more about this malware, please continue reading this description.

Where does Mrlocker Ransomware come from?

This program was first seen on the 6th of June, 2017, and researchers say that its developers might distribute it via email spam. While there is no concrete information regarding its distribution method, malware researchers speculate that this ransomware’s executable, which is most likely named MrLocker.exe, is included in emails as an attached file and sent to random email addresses across the globe. Distribution using email spam is likely, as many ransomware-type computer infections are distributed using this method. The emails can appear legitimate, but typically contain very little text, as all of the relevant information is claimed to be included inside the attached file, which may be disguised as a PDF file.

What does Mrlocker Ransomware do?

If it happens to get onto your PC, then Mrlocker Ransomware will jump into action immediately and lock its screen. As a result, you will not be able to use your PC as the lock screen window cannot be minimized or closed. The lock screen doubles as a ransom note and claims that you have downloaded something illegal and, as punishment, you must enter a code to unlock your PC. The lock screen will be closed once you have done that. The ransomware also warns you not to try anything because it will not work. There is no information on how to obtain this key because, again, we think it is a test version that has been released before the payment system was set up. Usually, cyber criminals leave an email address, Bitcoin wallet address and other information on how to pay the ransom but, in this particular case, it is not there. As a result, you are left to deal with this program on your own. Luckily, there is a way you can get out of this situation.

Our malware analysts have decompiled this ransomware and found that entering the code 6269521 will unlock it. This code works for all infected users. After you have entered this code, the lock screen will close. Malware analysts have found that this ransomware’s process can be disguised as "taskmgr", "cmd", or "regedit" to imitate a feature integral to Microsoft Windows. Therefore, after you enter the unlock code, you should launch Task Manager and end the process that uses one of these names.

How do I remove Mrlocker Ransomware?

In closing, Mrlocker Ransomware is just one of many ransomware-type programs that lock the screen of the user’s computer. While it does not ask for money now, it will do that once the full version is out. Therefore, if you value your cyber security, you ought to get an anti-malware program such as SpyHunter to protect it. If you want to remove Mrlocker Ransomware, we invite you to use an anti-malware program or the guide featured below.

Removal Guide

  1. Enter 6269521 in the dialog box of the ransomware.
  2. Click Enter.
  3. Press Ctrl+Alt+Delete.
  4. Select Task Manager.
  5. Locate "taskmgr", "cmd", or "regedit" under the Processes tab.
  6. Right-click it and click End Process.
  7. Then enter each of the following file paths in File Explorer and hit Enter.
    • %TEMP%
    • %USERPROFILE%\Downloads
    • %USERPROFILE%\Desktop
  8. Locate MrLocker.exe (can be named differently).
  9. Right-click it and click Delete.
  10. Close the File Explorer.
  11. Then press the Windows+R keys.
  12. Type regedit in the box and hit Enter.
  13. Navigate to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  14. Locate Mr Locker.
  15. Right-click it and click Delete.
  16. Done.
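
The checks from the removal guide above can also be run as a read-only PowerShell audit once the lock screen is closed. This is an added example, not part of the original guide; it assumes the genuine taskmgr.exe, cmd.exe and regedit.exe run from under %SystemRoot%, so a process with one of those names running from anywhere else is treated as suspect.

```powershell
# Read-only audit for the indicators named in the removal guide.
# Assumption (not from the guide): the real taskmgr, cmd and regedit binaries
# live under %SystemRoot%, so the disguised process runs from somewhere else.
$findings = @()

# Step 5: processes named taskmgr, cmd or regedit whose image is outside %SystemRoot%.
$names = 'taskmgr', 'cmd', 'regedit'
foreach ($p in Get-Process -Name $names -ErrorAction SilentlyContinue) {
    $inWindows = $p.Path -and
        $p.Path.StartsWith($env:SystemRoot, [System.StringComparison]::OrdinalIgnoreCase)
    if (-not $inWindows) {
        # An empty path means the image could not be read (for example an elevated
        # process); it is reported as unverified rather than silently skipped.
        $detail = if ($p.Path) { $p.Path } else { 'path unreadable, verify manually' }
        $findings += [pscustomobject]@{
            Type = 'Process'; Item = "$($p.Name) (PID $($p.Id))"; Detail = $detail }
    }
}

# Steps 7-8: MrLocker.exe in the three folders from the guide. The guide notes the
# file can be named differently, so the Run value below is the better pointer.
$folders = $env:TEMP, "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop"
$files = Get-ChildItem -Path $folders -Filter 'MrLocker.exe' -File -ErrorAction SilentlyContinue
foreach ($f in $files) {
    $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{ Type = 'File'; Item = $f.FullName; Detail = "SHA256 $hash" }
}

# Steps 13-14: the "Mr Locker" value under the per-user Run key.
$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['Mr Locker']) {
    # The value data is the command line launched at logon, i.e. the real file location.
    $findings += [pscustomobject]@{
        Type = 'RunValue'; Item = 'Mr Locker'; Detail = $run.'Mr Locker' }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No Mrlocker indicators from the guide were found.'
}
```

The script only reports; ending the process and deleting the file and the Run value are still done as in steps 6, 9 and 15.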
