You are welcome to discuss various security topics with our professional team and other users like you!
Read our Registration Agreement and create your FREE account here!

*

cozzo

  • *
  • 1
  • +1/-0
      • View Profile
Nemesis [email protected]
« on: October 20, 2018, 01:09:41 pm »
I was attacked by a version of nemesis [email protected] All my files are encrypted now. He asked me money in btc. Appreciate if you could help me with the decryption. Please, it' is a big damage for my work. Thank you
« Last Edit: October 20, 2018, 01:18:33 pm by cozzo »

*

Execute

  • *****
  • 304
  • +50/-0
  • Your friendly neighbourhood IT guy
      • View Profile
Re: Nemesis [email protected]
« Reply #1 on: October 25, 2018, 03:55:55 pm »
I was attacked by a version of nemesis [email protected] All my files are encrypted now. He asked me money in btc. Appreciate if you could help me with the decryption. Please, it' is a big damage for my work. Thank you

Hello, @cozzo. Unfortunately, we cannot directly help you. Can you provide us with a ransom note (like "DECRYPT_FILES.txt" or similar) and what extension your locked files have?

This seems to be a new variant of Nemesis as I don't recognize the email address and cannot find it anywhere. Also what does the ransomware note look like:

1. https://sensorstechforum.com/remove-dangerous-ransomware-restore-wtf-files/
or
2. https://sensorstechforum.com/remove-crypton-virus-restore-id-ransomedindia-com-files/

In any case, you should try the decryptor programs provided by EMSIsoft:

CryptON (Nemesis) : https://decrypter.emsisoft.com/crypton
Nemesis ransomware family (Cry128) : https://decrypter.emsisoft.com/cry128


Although your variant might be newer and not added to the decryptors, you should backup your files and after that test both of them.

In case the decryptor tools do not work, you should check out this article:

How to Restore Files Encrypted by Ransomware (Without Decrypter)

I hope that something works, but if this is a newer variant for Nemesis it might be coded in a different way, preventing known methods for decryption. Whatever the results are, we at SensorsTechForum expect your answer.

Kind Regards,
Execute
« Last Edit: October 25, 2018, 04:04:33 pm by Execute »