I am assisting a customer that was infected with the .nuclear ransomware. The files were appended with .[[email protected]
]-id-DC145418.nuclear. They submitted a file that was decrypted. They paid the ransom and were provided a decrypter named btcw.exe. They file ran, however, the decrypter just renamed the files and did not decrypt them. When the file runs at the beginning it actually says "Your decrypt key is: ..." and lists the decrypt key. The hackers are still communicating to an extent regarding the issue. However, my question is, can the decrypt key listed in the decrypter program be used in an form or fashion to manually decrypt the files?