Jump to content


Recommended Posts

I've found a customer that opened an email containing a ransomeware .zip file.

She was infected with Nemucod-AES.
I was wondering if you had a decryptor made for this variant yet.
I've attached a good and a bad file for you to look over if that's required.
When I added the .crypted extension to the infected file and dragged them both on to the nemucod decryptor, it actually decrypted the file.  But when I tried to decrypt another file without a good version, it did NOT decrypt the file successfully even though it said it did.
Looking forward to your response.

2012 proposed budget.crypted

2012 proposed budget.ods


Link to comment
Share on other sites

I have the same exact situation. I've cleaned her computer off, but there is still a handful of encrypted files that I would like to get back.

It didn't rename the files but they are corrupt. I got one file to go through emisoft decrypter and generate a key. Then any other files I run through it are still encrypted.

Looking forward to a response too.

Link to comment
Share on other sites

  • 2 weeks later...

First one on thier decryptor page:



Hope you guys haven't formatted the infected machine yet (as I did!).  If so, the files are gone. 

The virus makes a .db file on the infected workstation that contains the missing data and decryption keys of each file in ruins. If you've wiped the machine, that .db file is gone along with any hope of recovery.

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...