2020fx Posted June 29, 2017 Report Share Posted June 29, 2017 I've found a customer that opened an email containing a ransomeware .zip file. She was infected with Nemucod-AES. I was wondering if you had a decryptor made for this variant yet. I've attached a good and a bad file for you to look over if that's required. When I added the .crypted extension to the infected file and dragged them both on to the nemucod decryptor, it actually decrypted the file. But when I tried to decrypt another file without a good version, it did NOT decrypt the file successfully even though it said it did. Looking forward to your response. 2012 proposed budget.crypted 2012 proposed budget.ods Link to comment Share on other sites More sharing options...
Benchmark Posted July 6, 2017 Report Share Posted July 6, 2017 I have the same exact situation. I've cleaned her computer off, but there is still a handful of encrypted files that I would like to get back. It didn't rename the files but they are corrupt. I got one file to go through emisoft decrypter and generate a key. Then any other files I run through it are still encrypted. Looking forward to a response too. Link to comment Share on other sites More sharing options...
bstrong tech Posted July 20, 2017 Report Share Posted July 20, 2017 i also have same problem, anyone can help? Link to comment Share on other sites More sharing options...
Paully Posted July 21, 2017 Report Share Posted July 21, 2017 First one on thier decryptor page: https://decrypter.emsisoft.com/ Hope you guys haven't formatted the infected machine yet (as I did!). If so, the files are gone. The virus makes a .db file on the infected workstation that contains the missing data and decryption keys of each file in ruins. If you've wiped the machine, that .db file is gone along with any hope of recovery. Link to comment Share on other sites More sharing options...
Recommended Posts