Didi

Nemty Ransomware

Recommended Posts

Alas, the decryptor didn't work for me.

I wonder if this is the case for anyone else? I don't know what to do. I fortunately have backups of some files but not all.

Share this post


Link to post
Share on other sites

It's possible that your issue may be a special case, but I don't hear much from Nemty victims these days so I can't be certain.

Share this post


Link to post
Share on other sites

I guess so which is very annoying but I don't understand why no decryptor (versions 1.5, 1.6 or 2) would work seeing as I have the same problem as every other person that got infected.

Share this post


Link to post
Share on other sites
7 hours ago, Didi said:

I guess so which is very annoying but I don't understand why no decryptor (versions 1.5, 1.6 or 2) would work seeing as I have the same problem as every other person that got infected.

Unfortunately that's a question that only Tesorion could answer, since no one else knows how their decrypter works.

Share this post


Link to post
Share on other sites
On 12/31/2019 at 12:39 AM, GT500 said:

It's unfortunate that they won't provide support for their decrypter. It makes it seem too much like they did it only for the publicity.

It's more that they are simply overwhelmed by victim requests; they admitted such when I offered to help since I had analyzed the ransomware and know how to break it mathematically. They told me they were working with NoMoreRansom for more resources. I did not invest any more time into it so as to not overlap work.

@Didi, can you supply me with an encrypted file and it's original? I have a method of easily breaking the key for one file if given the original, but it takes quite awhile. The key is shared among all files, but the hard part (aka CPU/time intensive part) is actually breaking the IV for every other file - that's the part I haven't fully implemented. Due to Nemty's botched crypto, the IV per file matters much more than it usually would with AES.

Nevermind, I just realized you have reached out to me with another handle before. I'll have to take another look at your case.

Edited by Demonslay335

Share this post


Link to post
Share on other sites
5 hours ago, Demonslay335 said:

It's more that they are simply overwhelmed by victim requests; they admitted such when I offered to help since I had analyzed the ransomware and know how to break it mathematically. They told me they were working with NoMoreRansom for more resources. I did not invest any more time into it so as to not overlap work.

@Didi, can you supply me with an encrypted file and it's original? I have a method of easily breaking the key for one file if given the original, but it takes quite awhile. The key is shared among all files, but the hard part (aka CPU/time intensive part) is actually breaking the IV for every other file - that's the part I haven't fully implemented. Due to Nemty's botched crypto, the IV per file matters much more than it usually would with AES.

Nevermind, I just realized you have reached out to me with another handle before. I'll have to take another look at your case.

dear sir, i was just hit by this f**king virus. version 2.5 . decrypter from tessorion doesn't work for me, i tried several times but nothing worked. it just tell me that decryptor finished, decrypted 0 files. what should i do next?

Share this post


Link to post
Share on other sites
19 hours ago, georgevacilica said:

so, should i wait for a decryptor or pay the ransom??

In the end that's up to you and how vital it is that you have your data back quickly, however we would always recommend waiting at least to find out if it's decryptable, especially in the case of a ransomware like this where there's an existing decrypter for older variants.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.