PWNDLocker Ransomware Defeated: Free Decryption Available

PWNDLocker decryption is possible thanks to Emsisoft

PWNDLocker ransomware, known as a major threat to companies and governmental institutions, has been defeated. Security researchers from Emsisoft have discovered an encryption flaw in the virus, making it possible to restore files marked with the .pwnd or .key extensions.

The PWNDLocker decryption tool isn’t available for public download, as the cybercriminals could analyze it and improve their encryption routine. Therefore, Emsisoft researchers ask all victims to recover the ransomware executable and send it to them via their contact portal.

Emsisoft is well-known for its outstanding researchers, including Fabian Wosar and Michael Gillespie. The security firm has released many ransomware decryption tools in the past, including STOP Decryptor and tools for ChernoLocker, Paradise, Hakbit, and others.

PWNDLocker victims should contact Emsisoft for decryption instructions.

How to decrypt PWNDLocker-affected data

To recover files affected by the infamous ransomware, victims first need to recover the PWNDLocker executable file. For this task, victims are advised to use any data recovery tool to restore files from the following folders:

  • %Temp%;
  • %Appdata%;
  • C:/User.

Once the victim finds the executable, they need to ensure it won’t be run again. It is recommended to archive it to ensure a safe transfer to the security researchers.
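One way to carry out the archiving step above, shown as an added example (it is not Emsisoft's tooling and not code from the original article): the recovered file is only read as bytes, hashed, stored in a zip under a non-executable name, and the original is renamed so it cannot be launched by its old name. The function name `quarantine_sample`, the `.sample` and `.quarantined` suffixes and the manifest layout are assumptions made for this example.

```python
import hashlib
import json
import tempfile
import zipfile
from pathlib import Path


def quarantine_sample(sample: Path, out_dir: Path) -> dict:
    """Pack a recovered executable into a zip without ever executing it."""
    data = sample.read_bytes()              # read as bytes only, never launched
    sha256 = hashlib.sha256(data).hexdigest()
    stored_name = f"{sha256}.sample"        # neutral name, no .exe extension
    manifest = {
        "original_name": sample.name,
        "original_path": str(sample),
        "size": len(data),
        "sha256": sha256,
        "looks_like_pe": data[:2] == b"MZ",  # Windows executables start with MZ
    }
    out_dir.mkdir(parents=True, exist_ok=True)
    archive = out_dir / f"sample_{sha256[:16]}.zip"
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(stored_name, data)
        zf.writestr("manifest.json", json.dumps(manifest, indent=2))
    # Confirm the archived copy is intact before touching the original.
    with zipfile.ZipFile(archive) as zf:
        if hashlib.sha256(zf.read(stored_name)).hexdigest() != sha256:
            raise IOError("archived copy does not match the recovered file")
    # Rename the original so a double-click or a leftover autorun entry
    # pointing at the old path no longer starts it.
    neutralised = sample.with_name(sample.name + ".quarantined")
    sample.rename(neutralised)
    manifest["archive"] = str(archive)
    manifest["neutralised_path"] = str(neutralised)
    return manifest


if __name__ == "__main__":
    # Constructed stand-in bytes, not a real executable.
    with tempfile.TemporaryDirectory() as tmp:
        fake = Path(tmp) / "recovered.exe"
        fake.write_bytes(b"MZ" + b"\x00" * 62 + b"constructed sample bytes")
        print(json.dumps(quarantine_sample(fake, Path(tmp) / "out"), indent=2))
```

The SHA-256 in the manifest lets the recipient confirm that the file they unpack is the one that was recovered.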

The ransomware demands extremely large ransoms from its victims

The PWNDLocker ransomware virus first emerged in 2019 and continued its attacks in 2020. The virus is known to target large computer networks and demand between $180,000 and $670,000 in Bitcoin. The initial ransom amount increases by $100 if it is not paid within 2 weeks of the cyber attack. If the ransom isn’t paid within one month, the cybercriminals threaten to publish the company’s data online.

As reported by BleepingComputer, the ransomware operators boast about encrypting Lasalle County’s network in Illinois. According to the attackers, the ransom amount they demand is 50 Bitcoins (roughly $445,000). In addition, the criminals suggest they have stolen data from the county. However, Lasalle County has stated that it has no plans to pay the hefty ransom.

View Comments

  • Hello, my laptop got infected by a ransomware with the extension .Lezp. Can you offer me any expert help or advice on retrieving my files?
