I was attacked by a version of nemesis petropasevich@aol.com All my files are encrypted now. He asked me money in btc. Appreciate if you could help me with the decryption. Please, it' is a big damage for my work. Thank you

I was attacked by a version of nemesis petropasevich@aol.com All my files are encrypted now. He asked me money in btc. Appreciate if you could help me with the decryption. Please, it' is a big damage for my work. Thank you

Hello, @cozzo. Unfortunately, we cannot directly help you. Can you provide us with a ransom note (like "DECRYPT_FILES.txt" or similar) and what extension your locked files have?

This seems to be a new variant of Nemesis as I don't recognize the email address and cannot find it anywhere. Also what does the ransomware note look like:

1. https://sensorstechforum.com/remove-dangerous-ransomware-restore-wtf-files/
or
2. https://sensorstechforum.com/remove-crypton-virus-restore-id-ransomedindia-com-files/

In any case, you should try the decryptor programs provided by EMSIsoft:

CryptON (Nemesis) : https://decrypter.emsisoft.com/crypton
Nemesis ransomware family (Cry128) : https://decrypter.emsisoft.com/cry128

Although your variant might be newer and not added to the decryptors, you should backup your files and after that test both of them.

In case the decryptor tools do not work, you should check out this article:

How to Restore Files Encrypted by Ransomware (Without Decrypter)

I hope that something works, but if this is a newer variant for Nemesis it might be coded in a different way, preventing known methods for decryption. Whatever the results are, we at SensorsTechForum expect your answer.

Kind Regards,
Execute