Know About The Decryptor of Nemucod Trojan’s .CRYPTED Ransomware

Are you one of that victim whose Systems locked by a ransomware that uses .CRYPTED file extension? If so, there is a good new for you. A free decrypter for Nemucod .CRYPTED ransomware has been released by the Emisoft’s Fabian Wosar. Go through with this article and get a complete detail.

27897-security_article

Nemucod is known as a malware downloader which downloaded on the user PC to infect them. In the past, we have seen clearly how Nemucod downloads the TeslaCrypt. Sometimes ago, the cyber hackers switched to deliver then own home-brew ransomware that locked entire stored file with .CRYPTED file extension. As it turned out, this ransomware was only encrypting the first 2048 bytes of the each file by using XOR algorithm. This ransomware is usually distributed via Spam email a .JS attachment. When the user opens such an attachments, the JavaScript file executes and download more malware to the victim’s System. Recently the malware which is downloaded by Nemucod encrypts the victim’s data and demand 0.4 BTC to get the decryption key.

Know how to use decrypter

The decrypting file is very simple by this decrypter. Victims need to get a hold of an encrypted file and the unencrypted version of the same file retrieved from an online account or a backup. To do this, you have to choose both files and drag them over the icon of decrypters. If you have not an original version of your encrypted files then you can use a sample picture than found in C:\Users\Public\Pictures folder. After determining, the decrypted key is used top encrypt one of your files then you can use to decrypt all other encrypted files which stored on your PC.

If you are unable to understand how decrypter key works then just see this step-by-step solution.

To generate the decrypted keys, first of all, you have to create a folder that contains an encrypted PNG file, decrypt_nemucod.exe programs and an unencrypted version of the same PNG file. Then after dragged both the PNG file and encrypted file on the executable at the same time.

1

After dragging files onto the decrypted, the decryption program will start and you may be displayed with a UAC prompt. Click on the Yes button for proceeding. This process will start a brute-forcing of the encryption which yields a decryption key. When the decrypted key was able to brute forced, it will display the process in a new window.

After hitting the OK button, you will display a license agreement which you must agree to. To continue the further process click on OK button. Now you will see the main page of Nemucod Decryptor which looks like as follow :

emsisoft

By default, the decryptor decrypt file on the C drive. If there are any other drives with encrypted files then hit on the ADD File(s) button and add the drive to the list. When ready, hit the Decrypt button to start the decryption process.

Now your all files will be decrypted.

Leave a Comment

Your email address will not be published. Required fields are marked *