Emsisoft, an antivirus solutions provider, has released a custom decryption tool for PwndLocker ransomware. The decryptor release comes after Emsisoft identified a PwndLocker weakness that allows victims to recover their files without paying the ransom, according to BleepingComputer.
To use the decryptor, Emsisoft is asking PwndLocker victims to provide a copy of the ransomware executable used in the attack. The executable can usually be found using Shadow Explorer or file recovery tools.
Once a PwndLocker victim sends the executable, Emsisoft then creates a custom decryptor, the company said. Since PwndLocker has several variants, the executable varies, and the decryptor must be customized based on the attack.
What Is PwndLocker?
PwndLocker is a form of ransomware that first appeared in 2019. Cybercriminals have used PwndLocker to demand ransoms ranging from $175,000 to over $660,000, depending on the size of the network, BleepingComputer reported.
PwndLocker uses "net stop" commands to disable Windows services so that their data can be encrypted, BleepingComputer stated.
PwndLocker victims thus far include LaSalle County, Illinois (which received a $442,000 ransom demand) and the City of Novi Sad, Serbia (which had over 50 TB of data encrypted).
Are Ransomware Decryptors Effective?
Emsisoft's PwndLocker decryptor is custom-made, and it helps an organization address a single PwndLocker attack.
Other ransomware decryptors are available, but the results of these tools vary. For example, cybercriminals have used a buggy Ryuk ransomware decryptor to attack government agencies, schools and other organizations.
An organization should look closely at decryptors and other tools to address ransomware attacks. In doing so, an organization can identify the best way to manage a ransomware attack and restore any lost data or inactive systems as quickly as possible.