What is NEMTY Ransomware
The odds of getting hacked are progressively escalating each day because of the wide distribution of malware and other social engineering tricks. NEMTY Ransomware is not an exception either, that was originally revealed in 2019 and revived with a new force with NEMTY 2.5 REVENGE Ransomware in 2020. Like other types of ransomware, it is meant to encrypt files stored on the user’s PCs by using the AES-256 encryption algorithm. However, the algorithm is used with a mistake and looks more like AES-128/192. It appends unbreakable code that restricts access to data like .docx, .xlsx, .pptx, .mp3, .mp4, .png and other types of files. Once it has encrypted your data, the virus, therefore, alters the extension name to .NEMTY. The most recent varieties use the complex extension .NEMTY_XXXXXXX, where XXXXXXX is a random 7-digit alphanumerical sequence. After the encryption process is finished NEMTY leaves a note on desktop notifying that your data was encrypted and the only way you to recover it is by paying a ransom (approximately 1000$).
---=== NEMTY PROJECT ===---
[+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has extension .nemty
By the way, everything is possible to restore, but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
[+] What guarantees? [+] It's just a business. We absolutely do not care about you and your deals, except getting benefits.
If we do not do our work and liabilities - nobody will not cooperate with us.
It's not in our interests.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key.
In practise - time is much more valuable than money.
[+] How to get access on website? [+] 1) Download and install TOR browser from this site: https://torproject.org/
2) Open our website: zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion/pay
When you open our website, follow the instructions and you will get your files back.
Configuration file path: C:\Users\User\_NEMTY_VOv3Zme_
---> NEMTY 2.5 REVENGE <--- Some (or maybe all) of your files got encryped. We provide decryption tool if you pay a ransom. Don't worry, if we can't help you with decrypting - other people won't trust us. We provide test decryption, as proof that we can decrypt your data. You have 3 month to pay (after visiting the ransom page) until decryption key will be deleted from server. After 3 month no one, even our service can't make decryptor. 1) Web-Browser a) Open your browser. b) Open this link: hxxp://nemty.top/public/pay.php c) Upload this file. d) Follow the instructions. 2) Tor-Browser a) Download&Install Tor-Browser. b) Open Tor-Browser. c) Open this link : hxxp://zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion/public/pay.php d) Upload this file. e) Follow the instruction.
The transaction must be made only via Bitcoin through their Website that has to be entered only through the Tor Browser. Tor browser itself is the most secure browser that uses a system of proxy-servers allowing to run anonymous activity on the web. Woefully, up-to-date programs are not able to unlock decrypted files because hackers design intricate chains of code that are merely impossible to decipher. Although, this is not the reason to pay a fee, because there is actually no warrant they will keep their promises on getting your files back. The best and most secure option would be firstly removing NEMTY Ransomware from your computer to prevent further data loss and secondly recovering missed data from the backup. We have prepared a full uninstallation guide down below.
- Download NEMTY Ransomware Removal Tool
- Get decryption tool for .NEMTY files
- Recover encrypted files with Stellar Data Recovery Professional
- Restore encrypted files with Windows Previous Versions
- Restore files with Shadow Explorer
- How to protect from threats like NEMTY Ransomware
How NEMTY Ransomware infected your computer
Ransomware-type programs are usually circulated through multiple methods that have been very popular these days. Number one is via e-mail spam letters that can contain malicious applications and other files inclined to fool people into downloading and infecting devices. Hackers tend to present themselves as an update, news or other delivery services that ostensibly notify users about exclusive offers with highlighted headings. Inexperienced users are more likely to be baited into this provocation subsequently tolerating the harmful behavior of malware. Stay aside from clicking if you see any mysterious files received in an unexpected letter. Additionally, Ransomware can be spread alongside other software that is known as "bundling". Virus developers integrate file-encrypting tools into other software that can be easily downloaded from unwanted websites. Whenever users want to workaround payment for the licensed software, they rush into the first encountered website in order to download and install the software without paying attention to the details. Thereby, Ransomware inevitably infiltrates their computer and puts the unbreakable barrier on files along the way. Adware, peer-to-peer networks and other sources can also add up to the list of potentially infecting schemes. In this article, you will find the most effective ways to uninstall NEMTY Ransomware and maybe restore the corrupted data down below.
Download Removal Tool
To remove NEMTY Ransomware completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders and registry keys of NEMTY Ransomware and prevents future infections by similar viruses.
Alternative Removal Tool
To remove NEMTY Ransomware completely, we recommend you to use SpyHunter 5 from EnigmaSoft Limited. It detects and removes all files, folders and registry keys of NEMTY Ransomware. The trial version of SpyHunter 5 offers virus scan and 1-time removal for FREE.
NEMTY Ransomware files:
NEMTY Ransomware registry keys:
How to decrypt and restore .NEMTY files
Use automated decryptors
Download Nemty Decryptor from Tesorion
Use following tool from Tesorion called Nemty Decryptor, that can decrypt .NEMTY or .NEMTY_XXXXXXX files. Read following how-to-use guide. Download it here:
There is no purpose to pay the ransom, because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
Dr.Web Rescue Pack
Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .NEMTY files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing of files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don't have to pay.
If you are infected with NEMTY Ransomware and removed it from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:
Use Stellar Data Recovery Professional to restore .NEMTY files
- Download Stellar Data Recovery Professional.
- Click Recover Data button.
- Select type of files you want to restore and click Next button.
- Choose location where you would like to restore files from and click Scan button.
- Preview found files, choose ones you will restore and click Recover.
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there are no other dates in the list, choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses, like NEMTY Ransomware, in future
1. Get special anti-ransomware software
Use ZoneAlarm Anti-Ransomware
Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.
2. Back up your files
As an additional way to save your files, we recommend online backup. Local storages, such as hard drives, SSDs, flash drives or remote network storages can be instantly infected by the virus once plugged in or connected to. NEMTY Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and simple interface. You can read more about iDrive cloud backup and storage here.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails is most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications, and provides very high level of anti-spam protection.