Ask in Kaspersky forums / support I suppose. Re decryptors: if there was 1 that worked well it would be all over the net. Someone more knowledgeable re these might pick up the thread.
Moving to GTI forum/breaking security news
Peter M wrote:
This will probably work, but you need to keep abreast of developments - that was published back in March. There are now two main variants of Nemucod, and the Nemucod-7z one is not decryptable.
For the earlier version of Nemucod there are two tools which sometimes, but not always, can decrypt some (but not necessarily all) file types. There is a BleepingComputer thread for this which you need to keep an eye on, and in that thread they give links to those tools -
- see #395 by quietman7 as an example. Note that the minimum file size for the decryption tools is 510 bytes, not 144.
If you have time read the whole thread.
Be aware also that Nemucod doesn't come alone, and there may be other infections that need removing -
The ransomware removes itself after it completes, but it usually also comes packaged with Kovter, a password-stealing Trojan. MalwareBytes and HitmanPro will usually pick up on any infections left over. They will not remove encrypted files; they are not the threat. Don't worry about the part of the ransom note that mentions files being deleted after x days; it is just a scare tactic.
A techie friend thinks it's from Nemucod and suggested I try to find decrypters. How does one find a good decryptor? I tried downloading one but it did not work. Anyone know about Kaspersky labs?
I just re-read your post and three things need answering.
First, if you don't know what the ransomware program is you'll need to upload one or more encrypted files to have them analysed. Send them to https://id-ransomware.malwarehunterteam.com/index.php
Second, there are decryptor tools out there but it's a cat-and-mouse game with the malware authors. A tool works for a while, then a new version of the ransomware is launched and it's back to square one. So I don't absolutely guarantee that any of these tools will work, or decrypt all your files.
Still, here are two useful articles you should read - ignore the advertisements and the "download-this" enticements. What you want is the decryptor information.
And third, as you will see Kaspersky's contribution is useful, as far as it goes. No-one has a monopoly in this area, not even McAfee.
Speaking of which, Kaspersky and McAfee partnered in a project called "No More Ransom" which looked promising when it launched. It aimed to be a central point for providing decryptors but hasn't really taken off. You're better off referring to that list from thewindowsclub, as long as they keep the list updated.