A ransomware virus known as Nemucod was reported during April to infect multiple machines and to stop Windows defensive processes and security software on them so that it stays active on the infected computer. The virus also encrypts files with a very strong encryption algorithm and demands $200 from the users it affects.
Fortunately, a free decrypter has been released and in this article, we aim to show you how to work with it to decode your files.
Nemucod Ransomware – More Information
When it was released, Nemucod was reported to use several methods to infect users. One of the methods reported was spam e-mails containing attachments or malicious URLs. Another method of distributing this malware may be spam messages on social media that also include files or malicious links.
Nemucod was often confused with the legitimate program, dubbed Nemucod. This virus also uses remote locations to which it connects, allowing it to be controlled from there.
The program also may create multiple files in the %AppData% folder along with its main executable that conducts the encryption process.
It has been reported to possibly attack the following types of files and encipher them, making them no longer openable by any type of software:
→ .docm, .docx, .dotm, .dotx, .gzip, .html, .index, .java, .jfif, .jpeg, .json, .litcofee, .pages, .php3, .php4, .php5, .7zip, .aspx, .bash, .bookmarks, .class, .config, .csproj, .phps, .phpt, .phtml, .potm, .potx, .ppam, .ppsm, .ppsx, .pptm, .pptx, .prproj, .psm1, .resx, .scpt, .shtml, .sitx, .sldm, .sldx, .splus, .sqlite, .sqlite3, .swift, .tar.gz, .thmx, .tiff, .vcxproj, .xcodeproj, .xhtm, .xhtml, .xlsx, .zipx
Source: Infected users
Nemucod Removal Instructions
Fortunately for us, Nemucod is easily decryptable. The only prerequisite for this is to have Nemucod removed from your computer. To do this, follow our removal instructions below:
Manually delete Nemucod from your computer
Note! Important notice about the Nemucod threat: manual removal of Nemucod requires changes to system files and the registry, so it can cause damage to your PC. Even if your computer skills are not at a professional level, don't worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.
Automatically remove Nemucod by downloading an advanced anti-malware program
Nemucod Decryption Instructions
After you have removed Nemucod from your computer, all you need to do is get one original file and its encrypted version for the decryption to work. If you manage to do so, all you have to do to revert your files is follow these steps:
Step 1: Download Nemucod Decrypter by clicking on the button below:
Step 2: Save the Nemucod decrypter file somewhere you can easily find it and open it.
Step 3: Open the location of the Nemucod decrypter and place the original and encrypted copies of the file next to it, just like the image shows:
N.B.: If you do not have the original version of your encrypted file, you can try using the default image files in the Sample Images folder of Windows. They are usually the same on every Windows PC, so you can take the encrypted image from your infected computer and the original copy of the same image from another Windows PC. The default location of the images is the following:
Step 4: The decryption process. It is very simple. All that you have to do now is mark the encrypted and original files and drag them over the decrypter. This will find the decryption key for files encrypted by Nemucod:
Step 5: There is a probability that this key may be the wrong one. This is why you should try to decrypt a couple of files with this key. Click on OK and you will see the main interface of EmsiSoft’s Nemucod decrypter:
Step 6: From there, click on Add File(s) to add files to the list for decryption.
Step 7: Click on the Decrypt button as shown in the picture below:
If the files have been decrypted, you will see this in the live feed of the decryptor, as shown below:
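Why an original/encrypted pair reveals the key, and why Step 5 asks you to test that key on other files, shown as an added example that is not the Emsisoft decrypter's code and not part of the original article. It assumes a toy repeating-key XOR cipher, since the article does not describe Nemucod's actual algorithm; every name and sample byte below is constructed for illustration.

```python
from itertools import cycle

def xor_stream(data: bytes, key: bytes) -> bytes:
    """Toy cipher (assumed for illustration): repeating-key XOR, its own inverse."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def recover_key(original: bytes, encrypted: bytes) -> bytes:
    """Known-plaintext recovery: original XOR encrypted gives the keystream,
    which is then reduced to its shortest repeating unit."""
    stream = bytes(o ^ e for o, e in zip(original, encrypted))
    for period in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % period] for i in range(len(stream))):
            return stream[:period]
    return stream

def key_is_plausible(key: bytes, encrypted: bytes, magic: bytes) -> bool:
    """Step 5 check: trial-decrypt a different file and look for its header."""
    return xor_stream(encrypted[:len(magic)], key) == magic

# Constructed sample data, not taken from any real infection.
SECRET_KEY = b"k3y-\x10\x9fB"  # what the victim does not know
SAMPLE_ORIGINAL = b"\xff\xd8\xff\xe0" + b"sample image bytes " * 2
SAMPLE_ENCRYPTED = xor_stream(SAMPLE_ORIGINAL, SECRET_KEY)
OTHER_PLAIN = b"%PDF-1.4 constructed document body"
OTHER_ENCRYPTED = xor_stream(OTHER_PLAIN, SECRET_KEY)

def demo() -> dict:
    good = recover_key(SAMPLE_ORIGINAL, SAMPLE_ENCRYPTED)
    # A pair shorter than the key yields a truncated, wrong key.
    bad = recover_key(SAMPLE_ORIGINAL[:4], SAMPLE_ENCRYPTED[:4])
    return {
        "good_key_ok": key_is_plausible(good, OTHER_ENCRYPTED, b"%PDF-1.4"),
        "bad_key_ok": key_is_plausible(bad, OTHER_ENCRYPTED, b"%PDF-1.4"),
        "restored": xor_stream(OTHER_ENCRYPTED, good),
    }

if __name__ == "__main__":
    print(demo())
```

The truncated pair still produces a key, but that key fails the header check on the second file, which is the situation Step 5 guards against.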
Nemucod Decryption – Conclusion
It is very fortunate that a decryptor has been released for this virus, since many ransomware viruses that started infecting users years ago have still not been decrypted. Military-grade algorithms are the root reason for this, and staying protected is important nowadays because not getting infected is far better than being lucky enough that a decrypter exists for your files.
This is why we advise you to follow these security tips to strengthen your protection from ransomware viruses like Nemucod:
Advice 1: Make sure to read our general protection tips, try to make them your habit, and educate others to do so as well.
Advice 2: Install an advanced anti-malware program that has frequently updated real-time shield definitions and ransomware protection.
Advice 3: Seek out and download specific anti-ransomware software which is reliable.
Advice 4: Backup your files using one of the methods in this article.
Advice 5: Make sure to use a secure web browser while surfing the world wide web.