Jump to content

New variant of Nemucod/.crypted. Decrypter not working

Recommended Posts



I've been asked to look at a Nemucod issue that has encrypted files which the Emsisoft decrypter will not decrypt.  I've disabled the infection and run the decrypter on the same machine using an encrypted file and an original from a backup. But get the error: "The decrypter could not determine a valid key for your system. Please drag and drop both an encrypted file as well as its unencrypted counterpart on to the decrypter to determine a correct key. Files need to be at least 510 bytes long."


Unfortunately there are some important recent files that were not backed up as it looks like the encryption process has been running longer than the backup rotation!!  No derogatory comments here as it's not my machine :)


My question is if this is a new variant of this ransomware whats the likelihood and timeframe of an update to a decryption tool being made available to decrypt these files?  I've submitted some files to id-ransomware.malwarehunterteam.com which says its Nemucod and "This ransomware may be decryptable under certain circumstances"


Thanks in advance for your help





Link to post
Share on other sites

Hello Darren,

Thank you for the additional information. Unfortunately if the decrypter was run with two files (one encrypted and one identical but unencrypted file) and no valid key was found, then decryption is not possible in your case.


Many ransomware variants are updated to fix bugs/vulnerabilities that various decrypters use in order to help recover files. For that reason it is impossible to say if an updated decrypter will be available.


I can help you remove active infection components, but this will not do anything to recover files.

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...