
Remove Dev-Nightmare Virus and Decrypt .2xx9 Encrypted Files


Note! Your computer might be affected by Dev-Nightmare and other threats.
Threats such as Dev-Nightmare may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

A ransomware virus has been detected by the name of “Dev-Nightmare”. The virus appends the .2xx9 file extension after it performs a successful attack on a compromised computer and encrypts its files. Besides having the abovementioned file extension added to them, the files are encoded based on the mechanism from the HiddenTear ransomware project, and luckily for infected users there may be a decryption solution for this virus. Keep reading this article for more information on how to remove this ransomware and try the HiddenTear decryptor to decode your files if they are enciphered by it.

Threat Summary

Short Description: The ransomware encrypts files with an encryption algorithm and asks for a ransom for decryption.
Symptoms: Files are encrypted and become inaccessible. A ransom note with instructions for paying the ransom shows as a READ_ME.txt file.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.
Detection Tool: See If Your System Has Been Affected by Dev-Nightmare (Malware Removal Tool)
User Experience: Join our forum to Discuss Dev-Nightmare Ransomware.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Dev-Nightmare – Distribution

To spread rapidly, Dev-Nightmare may use several malicious practices. For instance, it may use other malware that connects to its command and control servers and downloads the virus files themselves. Dev-Nightmare may also use an exploit kit that takes advantage of exploits in Windows to infect the user and run as a legitimate service while it encrypts the files. Another way it may infect you is through a malicious JavaScript whose sole purpose is to cause the encryption without having to create any files on your computer.

To distribute those tools, the Dev-Nightmare ransomware may also take advantage of several different replication methods, which mainly involve spamming malicious URLs or files. This may be done in comments on forums and other websites, and also via shady e-mails that trick users into opening their malicious file attachments.

Dev-Nightmare Ransomware – More Information

After it infects a system, Dev-Nightmare may connect remotely to the computer of the cyber-criminals controlling it and download the malicious payload of the virus that encrypts files. The payload may primarily be located in the %AppData% folder, but similar to other HiddenTear viruses like EDA2, 8lock8, DEDCryptor or Strictor, this virus may also target other Windows folders:

commonly used file names and folders

In addition to that, the virus may also create modified value strings in the Windows Registry to make the malicious file that encrypts files run when you start your computer. The targeted keys for this are mainly the following:


After the encryptor of this virus runs, it may look for a wide variety of files to encipher. Such files may be videos, pictures, database files, Microsoft Office and Adobe Reader documents. Similar to other HiddenTear viruses, Dev-Nightmare may also look for the following file extensions to encrypt:

→ .txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .dll, .lnk, .pdf Source: Symantec

After the files are encrypted, the virus adds its own distinctive file extension to the enciphered files – 2xx9. The encrypted files look like the following:


Then the virus leaves a hateful ransom note, written in extremely poor English, that aims to frighten users into paying money to get access back to their files.
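To scope the damage before removal or decryption, the indicators this article gives (the .2xx9 extension, the READ_ME.txt note and the targeted extension list) can be turned into a read-only inventory. This is an added example, not code from the article or from any decryptor; it assumes the extension is appended to the original file name, the names triage and demo are illustrative, and the sample tree is constructed.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators as given in the article. That the suffix is appended to the
# original name (report.docx.2xx9) is an assumption of this example.
ENCRYPTED_SUFFIX = ".2xx9"
NOTE_NAME = "read_me.txt"       # compared case-insensitively
NOTE_MARKER = "dev-nightmare"   # family name as it appears in the note
TARGET_EXTS = set(""".txt .doc .docx .xls .xlsx .ppt .pptx .odt .jpg .png .csv
    .sql .mdb .sln .php .asp .aspx .html .xml .psd .dll .lnk .pdf""".split())

def triage(root):
    """Walk root read-only and summarise Dev-Nightmare artifacts."""
    report = {"encrypted": [], "by_type": Counter(), "notes": [], "untouched": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = Path(dirpath) / name, name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX):
                # Recover the original type from the name under the suffix.
                original = Path(lower[:-len(ENCRYPTED_SUFFIX)]).suffix or "(none)"
                report["encrypted"].append(path)
                report["by_type"][original] += 1
            elif lower == NOTE_NAME:
                try:
                    text = path.read_text(errors="replace").lower()
                except OSError:
                    text = ""  # unreadable note: list it, but unconfirmed
                report["notes"].append((path, NOTE_MARKER in text))
            elif Path(lower).suffix in TARGET_EXTS:
                # Targeted type that is still intact: back it up first.
                report["untouched"].append(path)
    return report

def demo():
    """Run triage over a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        for name in ("docs/budget.xlsx.2xx9", "docs/thesis.docx.2xx9",
                     "photo.jpg.2xx9", "docs/notes.txt", "app.exe"):
            (root / name).write_bytes(b"constructed sample")
        (root / "READ_ME.txt").write_text(
            "Your System is inficated with Dev-Nightmare 2xx9 Ransomware")
        return triage(root)

if __name__ == "__main__":
    r = demo()
    print(len(r["encrypted"]), "encrypted;", dict(r["by_type"]))
    print("notes:", [(p.name, ok) for p, ok in r["notes"]])
```

Files listed under "untouched" are targeted types that were not encrypted, which suggests the encryptor was interrupted or skipped that location; copy them off the machine before any cleanup.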

Dev-Nightmare’s ransom note:

Your System is inficated with Dev-Nightmare 2xx9 Ransomware
Your All Files and database are encrypted.
If you want you files back contact me at [email protected]
Send me some money or bitcoins
And I hate fake peoples.

Dev-Nightmare – Remove It and Decrypt Your Files

However, since this is a HiddenTear variant, a decryptor has been released, and we have provided instructions for using it in step “2. Decrypt files encrypted by Dev-Nightmare” below. But before decrypting your files, we strongly suggest methodically following the instructions to remove Dev-Nightmare ransomware and other infections that may currently be residing on your computer. Malware analysts also strongly advise scanning your computer with an anti-malware program first, to effectively secure your computer after infection with Dev-Nightmare and protect it in the future as well.

Note! Your computer system may be affected by Dev-Nightmare and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as Dev-Nightmare.
Keep in mind that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove Dev-Nightmare follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Dev-Nightmare files and objects
2. Find files created by Dev-Nightmare on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Dev-Nightmare

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
