2020fx 0 Posted June 29, 2017 Report Share Posted June 29, 2017 I've found a customer that opened an email containing a ransomeware .zip file. She was infected with Nemucod-AES. I was wondering if you had a decryptor made for this variant yet. I've attached a good and a bad file for you to look over if that's required. When I added the .crypted extension to the infected file and dragged them both on to the nemucod decryptor, it actually decrypted the file. But when I tried to decrypt another file without a good version, it did NOT decrypt the file successfully even though it said it did. Looking forward to your response. 2012 proposed budget.crypted 2012 proposed budget.ods Quote Link to post Share on other sites
Benchmark 0 Posted July 6, 2017 Report Share Posted July 6, 2017 I have the same exact situation. I've cleaned her computer off, but there is still a handful of encrypted files that I would like to get back. It didn't rename the files but they are corrupt. I got one file to go through emisoft decrypter and generate a key. Then any other files I run through it are still encrypted. Looking forward to a response too. Quote Link to post Share on other sites
bstrong tech 0 Posted July 20, 2017 Report Share Posted July 20, 2017 i also have same problem, anyone can help? Quote Link to post Share on other sites
Paully 0 Posted July 21, 2017 Report Share Posted July 21, 2017 First one on thier decryptor page: https://decrypter.emsisoft.com/ Hope you guys haven't formatted the infected machine yet (as I did!). If so, the files are gone. The virus makes a .db file on the infected workstation that contains the missing data and decryption keys of each file in ruins. If you've wiped the machine, that .db file is gone along with any hope of recovery. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.