This tool recovers the password required to decrypt those files encrypted by the first version of PopCorn ransomware that appeared by the end of 2016.

The malware demanded a ransom to recover the files, but with this tool you don't have to pay. When executed, it allows to get the password used to recover the files.

Steps to be taken to implement the POC: 1. Run RecoverPopCorn.exe on the infected system.
2. If the system is infected with the most common variant of PopCorn, the first field should be filled in with information about the path where the ransomware itself is located. If not, the system may not be infected with a known variant. If the field is not automatically filled in with the path but you know where the infection file is located, you can search for it with the "File..." button.
3. Click on the "Code decryptor" button. A text string will appear in the lower panel. 4. Copy and paste that string into the malware's ransom dialog.
5. Wait for the malware to unlock the files. It will automatically remove itself from the system, but it is advisable to check your system with an up-to-date antivirus.

You may also be interested in

  • cloud-professional-services-migration

    Cloud Professional Services: Migration

  • alias robotic

    Telefónica Tech and Alias Robotics created the CS4R laboratory

  • navantia

    Navantia y Telefónica Tech: the Future of Cyber Defence