Ransomware virus known as Nemucod was reported during April to infect multiple machines and stop defensive processes of Windows and security software on them to remain active on the infected computer. The virus also encrypts files with a very strong encryption algorithm demanding 200$ from users affected by it.
Fortunately, a free decrypter has been released and in this article, we aim to show you how to work with it to decode your files.
Nemucod Ransomware – More Information
When it was released, Nemucod was reported to take advantage of several methods to infect users. One of the methods reported was spammed e-mails containing attachments or malicious URLs. Another method of distributing this malware may be via social media spammed messages which include files or malicious links as well.
Nemucod was often confused with the legitimate program, dubbed Nemucod. This virus also uses remote locations to which it connects, allowing it to be controlled from there.
The program also may create multiple files in the %AppData% folder along with its main executable that conducts the encryption process.
It has been reported to possibly attack the following types of files and encipher them, making them no longer openable by any type of software:
→ docm, .docx, .dotm, .dotx, .gzip, .html, .index, .java, .jfif, .jpeg, .json, .litcofee, .pages, .php3, .php4, .php5, .7zip, .aspx, .bash, .bookmarks, .class, .config, .csproj, .phps, .phpt, .phtml, .potm, .potx, .ppam, .ppsm, .ppsx, .pptm, .pptx, .prproj, .psm1, .resx, .scpt, .shtml, .sitx, .sldm, .sldx, .splus, .sqlite, .sqlite3, .swift, .tar.gz, .thmx, .tiff, .vcxproj, .xcodeproj, .xhtm, .xhtml, .xlsx, .zipx Source: Infected users
Nemucod Removal Instructions
Fortunately for us, Nemucod is easily decryptable. The only prerequisite for this is to have Nemucod removed from your computer. To do this, follow our removal instructions below: