Call 24/7: +1 (800) 972-3282

Nemucod Ransomware Data Recovery

Bogdan Glushko

CEO at SalvageData Recovery, Bogdan Glushko has over 18 years of experience in high-security data recovery. Over the years, he's been able to help restore data after logical errors, physical failures, or even ransomware attacks, for individuals, businesses, and government agencies alike.


What is Nemucod Ransomware?

Nemucod is a type of malware that encrypts your files and demands a ransom to decrypt and return them to you.

History

This ransomware was first discovered in 2015. It has since been used in several attacks, including the 2016 Locky Ransomware attack. Nemucod has also been used in targeted attacks against businesses.

Nemucod was created using the AutoIt scripting language. It is distributed through email attachments, malicious websites, and third-party software downloads. Also, this ransomware has been distributed through the RIG and GrandSoft exploit kits. Nemucod is typically packaged with other malware, such as Trojans, to evade detection.

How does Nemucod work?

When Nemucod is executed, it first checks for the presence of specific security software and terminates itself if it detects any. Otherwise, it generates a unique ID for the victim, creates a copy of itself in the %AppData% directory, and creates Registry entries to ensure that it runs every time Windows starts.

It then scans the victim’s computer for files to encrypt. Nemucod skips files that are larger than 4MB in size, as well as files located in specific directories, such as %Windows% and %ProgramFiles%. It appends the “.locked” extension to the encrypted files.

After that, it displays a ransom note, which contains instructions on how to pay the ransom. Nemucod also deletes any shadow copies that are present on the victim’s computer, which makes it more difficult to recover the encrypted files without paying the ransom.

What encryption algorithm does Nemucod use?

This ransomware uses the AES-256 encryption algorithm to encrypt your files.

What types of files does Nemucod encrypt?

It will encrypt most types of files, including documents, images, videos, and more.

Ransom note text:

“Your personal files have been encrypted!

To decrypt your files, you will need to purchase a decryption key from us.

Please contact us at [email protected] to purchase a decryption key.”

How much is the ransom?

The ransom amount varies depending on how many files have been encrypted by Nemucod. However, the attackers typically demand between $500 and $1,000.

What payment methods does Nemucod accept?

The Nemucod attackers typically accept payments made in Bitcoin.

How much time do I have to pay the Nemucod ransom?

The Nemucod attackers give you a deadline of 7 days to pay the ransom. If you do not pay the ransom within this period, they threaten to double the ransom amount.

Should I pay the Nemucod ransom?

Paying the Nemucod ransom is not recommended. There is no guarantee that you will receive the decryption key even if you do pay the ransom. Additionally, by paying the ransom, you are supporting the attackers’ business and motivating them to continue their malicious activity.

Protection

There are several things you can do to protect yourself from Nemucod and other types of ransomware:

– Use a reputable antivirus program with real-time protection and keep it up to date.

– Avoid opening email attachments from unknown senders.

– Do not download programs or files from untrustworthy websites.

– Back up your important files regularly so that you can recover them if ransomware encrypts them.

What should I do?

If your computer has been infected with ransomware, the first thing you should do is disconnect it from the internet to prevent the attackers from encrypting any more of your files.

Then, you will need to use a reputable antivirus program to remove the Nemucod Ransomware from your computer.

Once you have removed it from your computer, you can then restore your files from a backup if you have one. If you do not have a backup, you may be able to use file recovery software to recover some of your encrypted files.
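The inventory step that comes before a restore, as an added example (not SalvageData's tooling and not part of the original page): it walks a folder, lists files carrying the “.locked” extension, separates out files above the 4MB limit that the description above says are skipped, and checks which originals a backup covers. The function names, the constructed sample tree, and the backup layout (same relative paths as the live data) are assumptions made for the illustration.

```python
import os
import tempfile
from pathlib import Path

LOCKED_EXT = ".locked"        # extension the page says Nemucod appends
SIZE_LIMIT = 4 * 1024 * 1024  # page: files larger than 4MB are skipped

def inventory(root):
    """Classify every file under root using the behaviour the page describes."""
    report = {"encrypted": [], "spared_large": [], "other": []}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath) / name
            try:
                size = path.stat().st_size
            except OSError:      # unreadable or vanished file: skip it
                continue
            rel = path.relative_to(root)
            if name.lower().endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                report["encrypted"].append(rel)
            elif size > SIZE_LIMIT:
                report["spared_large"].append(rel)   # too big to be targeted
            else:
                report["other"].append(rel)          # small but not renamed
    return report

def restore_plan(report, backup_root):
    """Split encrypted files into those a backup covers and those it does not."""
    plan = {"from_backup": [], "no_backup": []}
    for rel in report["encrypted"]:
        original = rel.with_name(rel.name[: -len(LOCKED_EXT)])  # drop ".locked"
        covered = Path(backup_root, original).is_file()
        plan["from_backup" if covered else "no_backup"].append(original)
    return plan

def demo():
    """Build a constructed sample tree and backup, then run both steps."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        for d in (data / "docs", backup / "docs"):
            d.mkdir(parents=True)
        (data / "docs" / "report.docx.locked").write_bytes(b"x" * 64)
        (data / "docs" / "photo.jpg.locked").write_bytes(b"x" * 64)
        (data / "docs" / "notes.txt").write_bytes(b"plain")
        with open(data / "video.mp4", "wb") as f:
            f.truncate(SIZE_LIMIT + 1)   # constructed file just over the limit
        (backup / "docs" / "report.docx").write_bytes(b"original")
        report = inventory(data)
        return report, restore_plan(report, backup)
```

Files listed under `no_backup` are the ones left for a decryption tool or a recovery service; a large `other` count can mean encryption was interrupted before it finished.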

There are many file recovery programs on the market that can help you recover your encrypted files. However, we cannot guarantee that all of these programs will work, and some of them may even be fake.

We recommend using SalvageData data recovery software.

Public decryption tool

You can try using a public decryption tool to decrypt your Nemucod-encrypted files.

However, this tool is not always effective, and it may not work on the latest versions of Nemucod. Still, it is worth a try.

To use this tool, you need to go to the following link:

https://www.emsisoft.com/ransomware-decryption/nemucod

Contact a data recovery service

If you cannot decrypt your Nemucod-encrypted files using a public decryption tool or file recovery software, you can try contacting a data recovery service.

Data recovery services specialize in recovering data from encrypted files and they may help you.

SalvageData is a reputable data recovery service that has been in business for over 10 years.

To contact SalvageData, click here.

I still have questions about Nemucod Ransomware.

If you have any further questions about this ransomware or need help recovering your files, please feel free to ask us.

We can be reached 24/7 by phone at +1 (800) 972-3282.