We have developed a decryption solution for PwndLocker ransomware. Because each decryptor requires customization before use, we cannot make the tool publicly available for download and affected organizations should contact us.
PwndLocker mainly targets businesses and governments. The amount of the PwndLocker ransom demand is victim-specific and therefore varies from case to case, but can be more than $500,000.
PwndLocker has numerous variants, all of which delete shadow volume copies, limiting victims’ ability to recover.
In order to create a custom decryption tool, we require the ransomware executable that was used in a particular attack.
Emsisoft Endpoint Protection: Award-Winning Security Made SimpleExperience effortless next-gen technology. Start Free Trial
While the ransomware automatically deletes the executable, it is often possible to recover it using file recovery tools and it may be found in the %Temp%, C:\User folders or %Appdata% folders. Organizations that require assistance locating the executable should contact us.