Jump to content

Nemty Ransomware


Didi
 Share

Recommended Posts

7 hours ago, Didi said:

I guess so which is very annoying but I don't understand why no decryptor (versions 1.5, 1.6 or 2) would work seeing as I have the same problem as every other person that got infected.

Unfortunately that's a question that only Tesorion could answer, since no one else knows how their decrypter works.

Link to comment
Share on other sites

On 12/31/2019 at 12:39 AM, GT500 said:

It's unfortunate that they won't provide support for their decrypter. It makes it seem too much like they did it only for the publicity.

It's more that they are simply overwhelmed by victim requests; they admitted such when I offered to help since I had analyzed the ransomware and know how to break it mathematically. They told me they were working with NoMoreRansom for more resources. I did not invest any more time into it so as to not overlap work.

@Didi, can you supply me with an encrypted file and it's original? I have a method of easily breaking the key for one file if given the original, but it takes quite awhile. The key is shared among all files, but the hard part (aka CPU/time intensive part) is actually breaking the IV for every other file - that's the part I haven't fully implemented. Due to Nemty's botched crypto, the IV per file matters much more than it usually would with AES.

Nevermind, I just realized you have reached out to me with another handle before. I'll have to take another look at your case.

Edited by Demonslay335
Link to comment
Share on other sites

5 hours ago, Demonslay335 said:

It's more that they are simply overwhelmed by victim requests; they admitted such when I offered to help since I had analyzed the ransomware and know how to break it mathematically. They told me they were working with NoMoreRansom for more resources. I did not invest any more time into it so as to not overlap work.

@Didi, can you supply me with an encrypted file and it's original? I have a method of easily breaking the key for one file if given the original, but it takes quite awhile. The key is shared among all files, but the hard part (aka CPU/time intensive part) is actually breaking the IV for every other file - that's the part I haven't fully implemented. Due to Nemty's botched crypto, the IV per file matters much more than it usually would with AES.

Nevermind, I just realized you have reached out to me with another handle before. I'll have to take another look at your case.

dear sir, i was just hit by this f**king virus. version 2.5 . decrypter from tessorion doesn't work for me, i tried several times but nothing worked. it just tell me that decryptor finished, decrypted 0 files. what should i do next?

Link to comment
Share on other sites

19 hours ago, georgevacilica said:

so, should i wait for a decryptor or pay the ransom??

In the end that's up to you and how vital it is that you have your data back quickly, however we would always recommend waiting at least to find out if it's decryptable, especially in the case of a ransomware like this where there's an existing decrypter for older variants.

Link to comment
Share on other sites

  • 3 weeks later...
  • 8 months later...

Hello @GT500, @Demonslay335, @Kevin Zoll and @Amigo-A,

It's been a long time since we've conversed. I hope you're all well.

I wanted to give you all an update on my issue.

I've waited and waited and still haven't come across a Nemty decryptor that works.

In the end, I had to save all my files onto external hard drives and reset my computer to factory settings. That was the only way to get all the Windows 10 functions, working again.

I've downloaded the Nemty decryptor from the https://www.nomoreransom.org/en/decryption-tools.html site but the decryptor always fails. 

I don't know what to do. Does anyone know of any update decryptors or what to do in general?

I await your responses.

Link to comment
Share on other sites

12 hours ago, Didi said:

I've downloaded the Nemty decryptor from the https://www.nomoreransom.org/en/decryption-tools.html site but the decryptor always fails.

That's the same decrypter made by Tesorion that you had tried previously, so I'm not surprised it didn't work.

 

12 hours ago, Didi said:

I don't know what to do. Does anyone know of any update decryptors or what to do in general?

Tesorion is the only one I know has made a decrypter. There are reports that victims of Nemty have been able to contact them and get help (at least with files under 2 GB in size), however there seem to be a number of others who either haven't done this or didn't have any luck trying.

Link to comment
Share on other sites

@GT500, thank you for your reply.

Yes, that's exactly why the decryptor wouldn't have worked.

OK, that's good to know. I sent them an email yesterday and will wait for a reply. I wrote to them months ago and after getting replies at first, I never heard from them understandably, seeing as a lot of people got in touch with them about the issue.

 

Link to comment
Share on other sites

22 hours ago, Didi said:

OK, that's good to know. I sent them an email yesterday and will wait for a reply. I wrote to them months ago and after getting replies at first, I never heard from them understandably, seeing as a lot of people got in touch with them about the issue.

Unfortunately they probably got overwhelmed by all of the victims contacting them for help.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...