Didi

Nemty Ransomware


Alas, the decryptor didn't work for me.

I wonder if this is the case for anyone else? I don't know what to do. I fortunately have backups of some files but not all.


It's possible that your issue may be a special case, but I don't hear much from Nemty victims these days so I can't be certain.


I guess so, which is very annoying, but I don't understand why no decryptor (versions 1.5, 1.6 or 2) would work, seeing as I have the same problem as every other person that got infected.

7 hours ago, Didi said:

I guess so, which is very annoying, but I don't understand why no decryptor (versions 1.5, 1.6 or 2) would work, seeing as I have the same problem as every other person that got infected.

Unfortunately that's a question that only Tesorion could answer, since no one else knows how their decrypter works.

On 12/31/2019 at 12:39 AM, GT500 said:

It's unfortunate that they won't provide support for their decrypter. It makes it seem too much like they did it only for the publicity.

It's more that they are simply overwhelmed by victim requests; they admitted such when I offered to help since I had analyzed the ransomware and know how to break it mathematically. They told me they were working with NoMoreRansom for more resources. I did not invest any more time into it so as to not overlap work.

@Didi, can you supply me with an encrypted file and its original? I have a method of easily breaking the key for one file if given the original, but it takes quite a while. The key is shared among all files, but the hard part (aka CPU/time intensive part) is actually breaking the IV for every other file - that's the part I haven't fully implemented. Due to Nemty's botched crypto, the IV per file matters much more than it usually would with AES.

Never mind, I just realized you have reached out to me with another handle before. I'll have to take another look at your case.

Edited by Demonslay335

5 hours ago, Demonslay335 said:

It's more that they are simply overwhelmed by victim requests; they admitted such when I offered to help since I had analyzed the ransomware and know how to break it mathematically. They told me they were working with NoMoreRansom for more resources. I did not invest any more time into it so as to not overlap work.

@Didi, can you supply me with an encrypted file and its original? I have a method of easily breaking the key for one file if given the original, but it takes quite a while. The key is shared among all files, but the hard part (aka CPU/time intensive part) is actually breaking the IV for every other file - that's the part I haven't fully implemented. Due to Nemty's botched crypto, the IV per file matters much more than it usually would with AES.

Never mind, I just realized you have reached out to me with another handle before. I'll have to take another look at your case.

Dear sir, I was just hit by this f**king virus, version 2.5. The decrypter from Tesorion doesn't work for me; I tried several times but nothing worked. It just tells me that the decryptor finished, decrypted 0 files. What should I do next?

19 hours ago, georgevacilica said:

So, should I wait for a decryptor or pay the ransom?

In the end that's up to you and how vital it is that you have your data back quickly; however, we would always recommend waiting at least to find out if it's decryptable, especially in the case of a ransomware like this where there's an existing decrypter for older variants.


Hello @GT500, @Demonslay335, @Kevin Zoll and @Amigo-A,

It's been a long time since we've conversed. I hope you're all well.

I wanted to give you all an update on my issue.

I've waited and waited and still haven't come across a Nemty decryptor that works.

In the end, I had to save all my files onto external hard drives and reset my computer to factory settings. That was the only way to get all the Windows 10 functions working again.

I've downloaded the Nemty decryptor from the https://www.nomoreransom.org/en/decryption-tools.html site but the decryptor always fails. 

I don't know what to do. Does anyone know of any updated decryptors or what to do in general?

I await your responses.

12 hours ago, Didi said:

I've downloaded the Nemty decryptor from the https://www.nomoreransom.org/en/decryption-tools.html site but the decryptor always fails.

That's the same decrypter made by Tesorion that you had tried previously, so I'm not surprised it didn't work.

 

12 hours ago, Didi said:

I don't know what to do. Does anyone know of any updated decryptors or what to do in general?

Tesorion is the only one I know that has made a decrypter. There are reports that victims of Nemty have been able to contact them and get help (at least with files under 2 GB in size); however, there seem to be a number of others who either haven't done this or didn't have any luck trying.


@GT500, thank you for your reply.

Yes, that's exactly why the decryptor wouldn't have worked.

OK, that's good to know. I sent them an email yesterday and will wait for a reply. I wrote to them months ago and after getting replies at first, I never heard from them, understandably, seeing as a lot of people got in touch with them about the issue.

 

22 hours ago, Didi said:

OK, that's good to know. I sent them an email yesterday and will wait for a reply. I wrote to them months ago and after getting replies at first, I never heard from them, understandably, seeing as a lot of people got in touch with them about the issue.

Unfortunately they probably got overwhelmed by all of the victims contacting them for help.

17 hours ago, GT500 said:

Unfortunately they probably got overwhelmed by all of the victims contacting them for help.

Yes, that would be the case.

