Jump to content

Computer infected with .crypted ransomware...decrypter doesn't work!


Recommended Posts

A computer at my office was infected with the Nemucod ransomware. All .doc, .docx, .pdf, .jpg, and other file types now have ".crypted" added to them. The virus also spread to files located on the shared network files.

 

I downloaded the Emsisoft Decrypter for Nemucod. I followed the instructions and downloaded some "clean" versions of files saved as attachments, and dropped both a clean version and decrypt version onto the program. But no matter which pairs of files I use, I get this same message:

 

"The decrypter could not determine a valid key for your system. Please drag and drop both an encrypted file as well as its unencrypted counterpart on to the decrypter to determine a correct key. Files need to be at least 510 bytes long."

 

I notice that the Emisoft Decrypter was released in March, but it's been a month and maybe the virus has gotten stronger? Or maybe I need to decrypt on the original computer that was infected (I've been trying to decrypt on the shared network drive). Thank you for any help!!!

Link to post
Share on other sites

Thank you, Kevin. That computer didn't have much on it. It would save all important files to a shared network drive (which also got infected). The original victim computer has since been reformatted/restored and wiped clean. So all we have unfortunately are the infected files on the shared network drive, even though the virus didn't originate there.

Link to post
Share on other sites

The decryption tools should be run from the infected computer. If the tool is unable to generate or find the correct private encryption key, then it is not possible to decrypt the encrypted files.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...