PwndLocker ransomware is attacking the networks of companies and local governments in the United States (USA). The attackers demand a ransom that can range from 175,000 to 660,000 US dollars. In the ransom message, they say they will keep the decryptor for a month and urge victims to contact them within two days to get a "discount". After 2 weeks the price doubles. They also threaten to publicly release sensitive information they have gathered from the organization's network.
When PwndLocker ransomware is executed on the victim's computer, it tries to disable a variety of Windows services using the 'net stop' command. The ransomware also checks for certain running processes and terminates them if they are detected. The targeted software includes Firefox, Word, Excel, security software, and backup applications, among others. PwndLocker also deletes the volume shadow copies so that files cannot be recovered from them; to do this, it executes the following commands:
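On the detection side, the service-stopping step described above shows up in process-creation logs as one parent process issuing many 'net stop' commands within a short time. The Python below is an added example, not code from PwndLocker or from the original article; the event tuple layout, the service names, the 60-second window and the threshold of 4 are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches "net stop <service>" in a logged command line, with or without
# a path, ".exe", quotes around the service name, or a trailing /y.
NET_STOP = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?net1?(?:\.exe)?"?\s+stop\s+'
    r'"?(?P<svc>[^"/]+?)"?\s*(?:/y)?\s*$',
    re.IGNORECASE,
)

# Constructed sample events: (timestamp, host, parent PID, command line).
SAMPLE_EVENTS = [
    ("2020-03-02T10:15:01", "WS-01", 4120, "net stop ExampleBackupSvc /y"),
    ("2020-03-02T10:15:02", "WS-01", 4120, r"C:\Windows\System32\net.exe stop ExampleAVSvc /y"),
    ("2020-03-02T10:15:03", "WS-01", 4120, 'net stop "Example Mail Svc" /y'),
    ("2020-03-02T10:15:04", "WS-01", 4120, "net1 stop ExampleDbSvc /y"),
    ("2020-03-02T10:15:05", "WS-01", 4120, "netsh advfirewall show allprofiles"),
    ("2020-03-02T09:00:00", "SRV-01", 880, "net stop ExampleDbSvc"),    # admin work
    ("2020-03-02T09:10:00", "SRV-01", 880, "net start ExampleDbSvc"),
]

def find_service_stop_bursts(events, window=timedelta(seconds=60), threshold=4):
    """Return (host, parent_pid, services) for each parent process that
    stopped at least `threshold` distinct services within `window`."""
    by_parent = defaultdict(list)
    for ts, host, ppid, cmdline in events:
        m = NET_STOP.match(cmdline.strip())
        if m:
            by_parent[(host, ppid)].append(
                (datetime.fromisoformat(ts), m["svc"].strip().lower()))
    alerts = []
    for (host, ppid), stops in by_parent.items():
        stops.sort()
        start = 0
        for end in range(len(stops)):
            # Slide the window start forward until it spans at most `window`.
            while stops[end][0] - stops[start][0] > window:
                start += 1
            services = {svc for _, svc in stops[start:end + 1]}
            if len(services) >= threshold:
                alerts.append((host, ppid, sorted(services)))
                break  # one alert per parent process is enough
    return alerts

if __name__ == "__main__":
    for host, ppid, services in find_service_stop_bursts(SAMPLE_EVENTS):
        print(f"ALERT {host} parent_pid={ppid} stopped {len(services)} services: {services}")
```

Grouping by parent process keeps an administrator's occasional single 'net stop' from alerting; the window and threshold should be tuned against the environment's own baseline.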