Remove Nelasod Virus Ransomware (+ Restore .nelasod Files)

Nelasod Virus Removal Guide

remove nelasod virus ransomware sensorstechforum

The article presents detailed information about Nelasod virus as well as a step-by-step guide on how to remove malicious files from the infected system and how to potentially recover encrypted files.

Nelasod virus is a vicious cryptovirus that is based on the code of STOP ransomware. Once activated on a computer Nelasod disrupts system security in order to locate and encode personal files. Since the threat is designed to utilize a strong cipher algorithm for the corruption of target files, it prevents you from accessing the data they store. Encrypted files could be recognized by the extension .nelasod as the ransomware appends it to their names. At the end of the attack, Nelasod virus displays a message that instructs you how to make a ransom payment for a decryption tool. This message could be found on the desktop in the _readnme.txt file.

Threat Summary

TypeRansomware, Cryptovirus
Short DescriptionA version of the STOP/DJVU ransomware that is designed to encrypt valuable files stored on infected computers and then extort a ransom from victims.
SymptomsImportant files are encrypted and renamed with the extension .nelasod
A ransom message forces victims to contact hackers in order to receive instructions on how to pay a ransom ($490 – $980).
Distribution MethodSpam Emails; Email Attachments; Corrupted Websites; Software Installers
Detection Tool See If Your System Has Been Affected by Nelasod


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Nelasod.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Nelasod Virus – Update August 2019

The good news for all victims of STOP Nelasod ransomware is that the security researcher Michael Gillespie found weaknesses in the code of this variant and released an updated version of his STOP ransomware decrypter.

So the moment you remove all malicious files and objects from your infected system you can enter our data recovery guide where you will find a download link for the free Nelasod decryption tool and learn how to proceed with the decryption process.

Decrypt Files Encrypted by STOP Ransomware

Have in mind that the tool is designed to support specific offline IDs, so it may not be effective for all occasions of Nelasod virus ransomware infections.

Nelasod Virus (STOP Ransomware) – More About the Infection

Security researchers reported that the Nelasod virus is based on the code of one of the most popular ransomware families dubbed

STOP. Nelasod ransomware is spread via several channels including spam emails, email attachments, hacked web pages, and corrupted freeware installers.

Since malspam enables hackers to spread their malicious code via massive email campaigns, they often prefer it. For its realization, they usually embed their malware in files of common types which files they then attach to email messages. These files may be presented as:

  • Invoices coming from reputable sites, like PayPal, eBay, etc.
  • Documents from that appear to be sent from your bank.
  • An online order confirmation note.
  • Receipt for a purchase.
  • Others.

Once activated on your system Nelasod virus creates ransom named malicious files in folders like %AppData% and %LocalAppData%. By executing these files, the ransomware performs a series of malicious operations that corrupt essential system settings and enable it to encrypt target files.

Nelasod virus launches a built-in cipher module for the data encryption stage. This module is designed to scan all computer drives for predefined types of files so it can then transform their code with a sophisticated cipher algorithm. Unfortunately, it is likely that all files which store valuable information will be encrypted. Among encrypted files may be your:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

Following encryption, you cannot open encrypted files. In addition, you see the extension .nelasod appended to their names. In fact, the main goal of this ransomware is to blackmail you into paying a ransom to hackers.

Here is a copy of Nelasod virus’ ransom message _readnme.txt:


Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Our Telegram account:

Your personal ID:

nelasod virus readme txt ransom message sensorstechforum

According to the details presented in the ransom message, when you pay the ransom you will receive a decryption tool for encrypted files. You should NOT under any circumstances pay any ransom sum to cybercriminals. This action does not guarantee the recovery of your .nelasod files.

How to Remove Nelasod Virus

The so-called Nelasod virus is a threat with a highly complex code that disrupts system security in order to encrypt personal files. Hence the infected system could be used in a secure manner again only after the complete removal of all malicious files and objects created by Nelasod ransomware. That’s why it is recommendable that all steps presented in the Nelasod virus removal guide below should be completed. Beware that the manual ransomware removal is suitable for more experienced computer users. If you don’t feel comfortable with the manual steps navigate to the automatic part of the guide.

How to Recover .nelasod Files

There are several alternative methods that may be efficient for the recovery of .nelasod files. You could find them listed under Step 5 from our Nelasod ransomware removal guide. Beware that you should make copies of all encrypted files and save them on a flash drive for example. This additional step will prevent the permanent loss of encrypted .nelasod files.

Ransomware Removal Instructions

Gergana Ivanova

Gergana Ivanova

Gergana has completed a bachelor degree in Marketing from the University of National and World Economy. She has been with the STF team for four years, researching malware and reporting on the latest infections.

More Posts

Follow Me:
Google Plus


  1. AvatarMehma

    My system got hacked by nelasod. Please help

    1. Gergana IvanovaGergana Ivanova (Post author)

      Hi Mehma,

      We are sorry to inform you that at this point Nelasod version of STOP ransomware is not decrypted. However, there is a chance that Michael Gillespie, the security researcher who managed to find weaknesses in the code of the threat and released а free decryption tool, will update his STOP decrypter to support .nelasod files decryption very soon. So we advise you is to follow the updates in our removal article where we will add the decryptor as soon as it is updated.

  2. Avatarioannis

    hello from greece,
    any news about nelasod files decryption?


Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share