
I've found a customer that opened an email containing a ransomware .zip file.

 
She was infected with Nemucod-AES.
 
I was wondering if you had a decryptor made for this variant yet.
 
I've attached a good and a bad file for you to look over if that's required.
 
When I added the .crypted extension to the infected file and dragged them both onto the Nemucod decryptor, it actually decrypted the file. But when I tried to decrypt another file without a good version, it did NOT decrypt the file successfully even though it said it did.
 
Looking forward to your response.

2012 proposed budget.crypted

2012 proposed budget.ods

2017062995084331001.jpg

I have the same exact situation. I've cleaned her computer off, but there is still a handful of encrypted files that I would like to get back.

It didn't rename the files but they are corrupt. I got one file to go through the Emsisoft decrypter and generate a key. Then any other files I run through it are still encrypted.

Looking forward to a response too.


First one on their decryptor page:

https://decrypter.emsisoft.com/

 

Hope you guys haven't formatted the infected machine yet (as I did!).  If so, the files are gone. 

The virus makes a .db file on the infected workstation that contains the missing data and decryption keys of each file in ruins. If you've wiped the machine, that .db file is gone along with any hope of recovery.
