Emsisoft Decrypter for PewCrypt is a solution for the PewDiePie ransomware.

PewCrypt is a strain of ransomware written in Java that uses AES and RSA to encrypt a victim's files, adding the extension .PewCrypt. The malware then asks the victim to subscribe to PewDiePie. The author supposedly released this as a joke in 2019 - not so funny...

To use the decrypter, you will need the AES.key file left on the desktop by the malware. Then you will select the AES.key file by clicking the Browse button. Then click the Start button. Emsisoft Decrypter for PewCrypt will display the reconstructed encryption details once the recovery process has finished. The display is purely informational to confirm that the required encryption details have been found.

By default, Emsisoft Decrypter for PewCrypt will pre-populate the locations to decrypt with the currently connected drives and network drives. Additional locations can be added using the “Add” button.

Decrypters typically offer various options depending on the particular malware family. The available options are located in the Options tab and can be enabled or disabled there.

After you have added all the locations you want to decrypt, click the Decrypt button to start the decryption process. Emsisoft Decrypter for PewCrypt will notify you when finished. If you require a report for your records, you can save it by clicking the Save log button. You can also copy it straight to your clipboard to paste it into emails or forum posts if needed.