PwndLocker ransomware decryption now available

PwndLocker Custom Decryptor

We have developed a decryption solution for PwndLocker ransomware. Because each decryptor requires customization before use, we cannot make the tool publicly available for download and affected organizations should contact us.

PwndLocker

PwndLocker mainly targets businesses and governments. The amount of the PwndLocker ransom demand is victim-specific and therefore varies from case to case, but can be more than $500,000.

PwndLocker has numerous variants, all of which delete shadow volume copies, limiting victims’ ability to recover.

Requirements

In order to create a custom decryption tool, we require the ransomware executable that was used in a particular attack.

Emsisoft Endpoint Protection: Award-Winning Security Made Simple

Experience effortless next-gen technology. Start Free Trial

While the ransomware automatically deletes the executable, it is often possible to recover it using file recovery tools and it may be found in the %Temp%, C:\User folders or %Appdata% folders. Organizations that require assistance locating the executable should contact us.

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next

Newsletter

Malware never sleeps. Be sure to stay up-to-date on emerging threats.

Emsisoft > Blog > Malware Lab > Decryptors > PwndLocker ransomware decryption now available