2020fx 0 Report post Posted June 29, 2017 I've found a customer that opened an email containing a ransomeware .zip file. She was infected with Nemucod-AES. I was wondering if you had a decryptor made for this variant yet. I've attached a good and a bad file for you to look over if that's required. When I added the .crypted extension to the infected file and dragged them both on to the nemucod decryptor, it actually decrypted the file. But when I tried to decrypt another file without a good version, it did NOT decrypt the file successfully even though it said it did. Looking forward to your response. 2012 proposed budget.crypted 2012 proposed budget.ods Download Image Quote Share this post Link to post Share on other sites
Benchmark 0 Report post Posted July 6, 2017 I have the same exact situation. I've cleaned her computer off, but there is still a handful of encrypted files that I would like to get back. It didn't rename the files but they are corrupt. I got one file to go through emisoft decrypter and generate a key. Then any other files I run through it are still encrypted. Looking forward to a response too. Quote Share this post Link to post Share on other sites
bstrong tech 0 Report post Posted July 20, 2017 i also have same problem, anyone can help? Quote Share this post Link to post Share on other sites
Paully 0 Report post Posted July 21, 2017 First one on thier decryptor page: https://decrypter.emsisoft.com/ Hope you guys haven't formatted the infected machine yet (as I did!). If so, the files are gone. The virus makes a .db file on the infected workstation that contains the missing data and decryption keys of each file in ruins. If you've wiped the machine, that .db file is gone along with any hope of recovery. Quote Share this post Link to post Share on other sites
