ZX81

The decrypter could not determine a valid key for your system

Recommended Posts

Hello,

I am trying to get back files encrypted by Nemucod (.crypted extension files) but when I drop the two versions of the file ( encrypted and original ), I get the error "The decrypter could not determine a valid key for your system....."

On another topic with the same issue I tried to reply but could not: http://support.emsisoft.com/topic/20092-new-variant-of-nemucodcrypted-decrypter-not-working/

I saw in that Topic that Forum Veteran Elise was asking to the user dtwestoz to provide the  dropper of the infection in order to verify if the decryption is possible or not.

I think I did find the file that originated the encryption of my case ( it is named 00000514022.doc.js ).

I tried to attach it to my post but the system is not allowing the upload of that kind of file.

Let me know how to proceed.

I look forward to hearing from you and send my best regards.

 

Patrick

Share this post


Link to post
Share on other sites

Hello,

I'm sorry to hear about this. Could you please try to upload the .js file to www.virustotal.com and post the link to the scan results?

 

Also, can you let me know what the name of the ransom note and the format of the encrypted files is?

Share this post


Link to post
Share on other sites

Hello Elise,

thanks for your prompt reply.

 

Here is the link to the scan results: https://www.virustotal.com/en/file/f145dfac9e39a2643b2c6ce08416411c19b939397ad7dbe57ef0edb4529a322c/analysis/1461935259/

 

The name of the ransom note which is located on the desktop is: DECRYPT.txt

It pops up automatically when you start the computer.

 

The format of the encrypted files is:   .crypted

 

In case you need, I have available one original file and the relative encrypted version.

 

I look forward to hearing from you.

Best regards.

 

Patrick

Share this post


Link to post
Share on other sites

Thank you, unfortunately if the decrypter is not able to find a key, then decryption is not possible.

 

I can help you removing the active infection components, but this will do nothing to get your files back.

Share this post


Link to post
Share on other sites

Hello Elise,

thanks for your reply.

I made a full clone copy of the hard drive and decided to format it and reinstall the OS from scratch.

I am following as well this topic on bleepingcomputer.com: http://www.bleepingcomputer.com/forums/t/608045/crypted-ransomware-nemucod-decrypttxt-support-and-help-topic/page-8

and it looks like the infection I am dealing with is the 7zip variant of Nemucod.

I hope you guys will be able to find a way to create a new version of your decrypter that implements this new version of Nemucod.

Wish you all the best.

Share this post


Link to post
Share on other sites

Yes, it is a good idea to keep track of that topic, you can also keep an eye on https://decrypter.emsisoft.com/ for new decrypters available.

 

I will close this topic, if you need it reopened, please send me a personal message.

 

All the best!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.