PwndLocker has rebranded as the ProLock Ransomware after fixing a crypto bug that allowed a free decryptor to be created. The developers rebranded their infection as ProLock and have started to target corporate networks once again. The new ProLock is being distributed through a BMP image file being stored in C:ProgramData named WinMgr.bmp. The binary data is then reassembled by a.PowerShell script that injects it directly into memory and encrypts files.
Source: https://www.bleepingcomputer.com/news/security/pwndlocker-fixes-crypto-bug-rebrands-as-prolock-ransomware/