{
	"id": "96aba1ad-ad5f-4b09-9617-7a66994e06fa",
	"created_at": "2026-04-06T00:12:45.279675Z",
	"updated_at": "2026-04-10T03:22:06.372583Z",
	"deleted_at": null,
	"sha1_hash": "2ca64b31b021a657dbcb13a41f2504d8ff1f0d7a",
	"title": "PwndLocker Ransomware Gets Pwned: Decryption Now Available",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2284058,
	"plain_text": "PwndLocker Ransomware Gets Pwned: Decryption Now Available\r\nBy Lawrence Abrams\r\nPublished: 2020-03-05 · Archived: 2026-04-05 16:11:24 UTC\r\nEmsisoft has discovered a way to decrypt files encrypted by the new PwndLocker Ransomware so that victims can recover\r\ntheir files without paying a ransom.\r\nWe were the first to report about a relatively new ransomware called PwndLocker that was encrypting organizations and\r\ncities around the world and then demanding ransoms ranging from $175,000 to over $660,000 depending on the size of the\r\nnetwork. \r\nPwndLocker Ransom Note\r\nAmong these victims is Lasalle County, Illinois who was hit with a 50 bitcoin ransom ($442,000) and the City of Novi Sad,\r\nSerbia who had over 50TB of data encrypted.\r\nhttps://www.bleepingcomputer.com/news/security/pwndlocker-ransomware-gets-pwned-decryption-now-available/\r\nPage 1 of 3\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/pwndlocker-ransomware-gets-pwned-decryption-now-available/\r\nPage 2 of 3\n\nVisit Advertiser websiteGO TO PAGE\r\nFlaw found in ransomware\r\nAfter analyzing the PwndLocker ransomware, Emsisoft's Fabian Wosar was able to spot a weakness in the malware that\r\nallows victims to recover their files without paying the ransom.\r\nTo receive help with the ransomware, Wosar told BleepingComputer that victims need to send him a copy of the\r\nransomware executable that was used in the attack.\r\nUnfortunately, after deploying the ransomware the attackers are deleting this executable.\r\nVictims may be able to recover the executable using Shadow Explorer or file recovery tools. When searching for the\r\nexecutable, victims should look in the %Temp%, C:\\User folders, and %Appdata% folders.\r\nOnce an executable is found, victims can contact Emsisoft to receive help. \r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/pwndlocker-ransomware-gets-pwned-decryption-now-available/\r\nhttps://www.bleepingcomputer.com/news/security/pwndlocker-ransomware-gets-pwned-decryption-now-available/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/pwndlocker-ransomware-gets-pwned-decryption-now-available/"
	],
	"report_names": [
		"pwndlocker-ransomware-gets-pwned-decryption-now-available"
	],
	"threat_actors": [],
	"ts_created_at": 1775434365,
	"ts_updated_at": 1775791326,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2ca64b31b021a657dbcb13a41f2504d8ff1f0d7a.pdf",
		"text": "https://archive.orkl.eu/2ca64b31b021a657dbcb13a41f2504d8ff1f0d7a.txt",
		"img": "https://archive.orkl.eu/2ca64b31b021a657dbcb13a41f2504d8ff1f0d7a.jpg"
	}
}