ZX81 0 Posted April 28, 2016 Report Share Posted April 28, 2016 Hello, I am trying to get back files encrypted by Nemucod (.crypted extension files) but when I drop the two versions of the file ( encrypted and original ), I get the error "The decrypter could not determine a valid key for your system....." On another topic with the same issue I tried to reply but could not: http://support.emsisoft.com/topic/20092-new-variant-of-nemucodcrypted-decrypter-not-working/ I saw in that Topic that Forum Veteran Elise was asking to the user dtwestoz to provide the dropper of the infection in order to verify if the decryption is possible or not. I think I did find the file that originated the encryption of my case ( it is named 00000514022.doc.js ). I tried to attach it to my post but the system is not allowing the upload of that kind of file. Let me know how to proceed. I look forward to hearing from you and send my best regards. Patrick Link to post Share on other sites
Elise 276 Posted April 29, 2016 Report Share Posted April 29, 2016 Hello, I'm sorry to hear about this. Could you please try to upload the .js file to www.virustotal.com and post the link to the scan results? Also, can you let me know what the name of the ransom note and the format of the encrypted files is? Link to post Share on other sites
ZX81 0 Posted April 29, 2016 Author Report Share Posted April 29, 2016 Hello Elise, thanks for your prompt reply. Here is the link to the scan results: https://www.virustotal.com/en/file/f145dfac9e39a2643b2c6ce08416411c19b939397ad7dbe57ef0edb4529a322c/analysis/1461935259/ The name of the ransom note which is located on the desktop is: DECRYPT.txt It pops up automatically when you start the computer. The format of the encrypted files is: .crypted In case you need, I have available one original file and the relative encrypted version. I look forward to hearing from you. Best regards. Patrick Link to post Share on other sites
Elise 276 Posted April 29, 2016 Report Share Posted April 29, 2016 Thank you, unfortunately if the decrypter is not able to find a key, then decryption is not possible. I can help you removing the active infection components, but this will do nothing to get your files back. Link to post Share on other sites
ZX81 0 Posted April 30, 2016 Author Report Share Posted April 30, 2016 Hello Elise, thanks for your reply. I made a full clone copy of the hard drive and decided to format it and reinstall the OS from scratch. I am following as well this topic on bleepingcomputer.com: http://www.bleepingcomputer.com/forums/t/608045/crypted-ransomware-nemucod-decrypttxt-support-and-help-topic/page-8 and it looks like the infection I am dealing with is the 7zip variant of Nemucod. I hope you guys will be able to find a way to create a new version of your decrypter that implements this new version of Nemucod. Wish you all the best. Link to post Share on other sites
Elise 276 Posted April 30, 2016 Report Share Posted April 30, 2016 Yes, it is a good idea to keep track of that topic, you can also keep an eye on https://decrypter.emsisoft.com/ for new decrypters available. I will close this topic, if you need it reopened, please send me a personal message. All the best! Link to post Share on other sites
Recommended Posts