PwndLocker Ransomware Decryption Now Available

PwndLocker Ransomware Decryption Now Available

PwndLocker Ransomware Decryption Now Available

PwndLocker Ransomware Decryption Now Available! Emsisoft has found a way to decrypt files encrypted by the new PwndLocker Ransomware so that the victims can recover their files without paying the ransom.

This new ransomware called PwndLocker is relatively new to the scene and has been encrypting organizations and cities sensitive data around the world and then demanding ransoms ranging from $175,000 to over $660,000 depending on the size of the company & network.

PwndLocker Ransom Note
PwndLocker Ransom Note (Source: Bleeping Computer)

Two of the hardest hit victims include Lasalle County, Illinois who was hit with a 50 bitcoin ransom ($442,000) and the City of Novi Sad, Serbia who had over 50TB of data encrypted.

Vulnerabilities found in Ransomware

Emsisoft’s Fabian Wosar was able to spot a weakness in the malware which allows victims to recover their files without paying the ransom after he spent time analyzing the PwnedLocker ransomware.

The only catch is in order to receive help with the ransomware, Wosar said that he needed the users to send him a copy of the Ransomware Executable file that was used originally to deploy the ransomware.

The downside is that the executable is usually removed by the operators after the ransomware is deployed.

PwndLocker Ransomware Decryption Now Available! People who have fallen victim to the PwnedLocker Ransomware may be able to recover the executable using Shadow Explorer or file recovery tools. When searching for the executable, you should look in the %Temp%, C:\User folders, and %Appdata% folders.

Once an executable is found, victims can contact Emsisoft to receive help.

Using our 2nd Generation Antivirus Service can help defend against these types of executables. You want to make sure you always have endpoint protection in place to hopefully prevent these executables from running in the first place. If you are not sure if you are protected, contact us today!

Posted on