Ransomware ProLock

The ProLock ransomware follows a specific strategy when choosing its victims. This strategy is called “Big Game Hunting,” referring to the fact that the group only attacks large companies.

By targeting large companies and government networks, the attackers can extract large payouts from their victims.

ProLock was already active by the end of 2019, but under the name PwndLocker. In March 2020, researchers discovered a bug in the ransomware and made a decryptor available for free.

After that, the group updated its ransomware to fix the known bugs, and a more powerful version emerged that became known as ProLock.

According to security researchers, the ProLock ransomware uses the Qakbot Trojan to break into the system. Spam campaigns and malicious emails are Qakbot's most common entry vectors.

Once the environment has been compromised and the ransomware launched to encrypt data on a host, the group targets nearby computers to cause maximum damage.

This maneuver, called lateral movement, can rely on the Windows vulnerability CVE-2019-0859, which is used to gain administrator-level access on infected hosts.

ProLock can use the credentials obtained this way to move laterally across a network via RDP, extending its reach and causing serious damage to systems and, in turn, to the functioning of an organization.

The ProLock group often asks for ransoms ranging from 35 to 90 BTC (from $400,000 to $1,000,000 USD), and the trend is for these amounts to increase in coming attacks.

Recover files encrypted by ProLock ransomware

Digital Recovery has 23 years of experience in the data recovery market. We have been able to develop unique solutions that allow us to recover data encrypted by ransomware.

Because we understand the damage that data loss can do to its victims, our team of engineers is ready to respond to any incident quickly and efficiently. We provide remote solutions for most services, preventing future damage.

We have drawn up our own confidentiality agreement (NDA), which will ensure that information is not exposed.

We can guarantee a fast, personalized, and efficient service. Don’t waste time: talk to our team of experts and get your data back.



Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.