This tool recovers the password required to decrypt those files encrypted by the first version of PopCorn ransomware that appeared by the end of 2016.

The malware demanded a ransom to recover the files, but with this tool you don't have to pay. When executed, it allows to get the password used to recover the files.

Steps to be taken to implement the POC: 1. Run RecoverPopCorn.exe on the infected system.
2. If the system is infected with the most common variant of PopCorn, the first field should be filled in with information about the path where the ransomware itself is located. If not, the system may not be infected with a known variant. If the field is not automatically filled in with the path but you know where the infection file is located, you can search for it with the "File..." button.
3. Click on the "Code decryptor" button. A text string will appear in the lower panel. 4. Copy and paste that string into the malware's ransom dialog.
5. Wait for the malware to unlock the files. It will automatically remove itself from the system, but it is advisable to check your system with an up-to-date antivirus.

You may also be interested in

  • infografia-future-workplace

    The Future of Workplace: Connect Talent with Business Objetives

  • dossier-cybersecurity-solutions-services

    Dossier of cybersecurity solutions and services

  • security-status-report-2023-h1

    Security Status Report 2023 H1