The PCLocked ‘.pclocked’ Variant: A Definitive Forensic Recovery Guide
In our recovery lab today at Lockbit Decryptor, we isolated the PCLocked ransomware strain. Our analysis confirms this is not a sophisticated enterprise threat but a variant of the open-source HiddenTear ransomware. This variant uses a simple XOR cipher with a hard-coded key, appending the .pclocked extension. Despite its unusual “DECRYPT_ME.txt” mechanism, the encryption is…