Researchers from the Dutch company Tesorion have created a free Nemty decryptor, a utility to recover files locked by the Nemty ransomware.
The decryptor is still available upon request on the developer's website, but in the future it will be possible to use it through the NoMoreRansom resource.
“Victims of the Nemty Ransomware finally have something to be happy about as researchers have released a decryptor that allows them to recover files for free. The decryptor currently supports only a limited amount of file extensions, but Tesorion is expanding support for more file types every day”, report BleepingComputer journalists.
Windows malware Nemty first came to the attention of information security experts in mid-August. The new ransomware strain is notable for refusing to encrypt data on machines located in the countries of the former USSR.
It is distributed in various ways – through vulnerable RDP services, web attacks using social engineering, and exploit packs.
The new ransomware is able to remove Windows shadow copies so that the victim cannot use them to recover data, and to forcibly terminate processes and services that interfere with its main task. The authors of Nemty are constantly improving it and in two months have released several updates.
“The decryptor created in Tesorion is still working with malware versions 1.4 and 1.6, but will soon be suitable for 1.5 as well. At the moment, the range of file extensions supported by the utility is limited, however, developers add new file types to its arsenal every day”, reports BleepingComputer.
To use the decryptor, the victim of the infection must contact Tesorion for help and, using the link provided, upload a file encrypted with Nemty. The decryption key is generated on the company's server, which produces the result and loads it into the utility.
This procedure was established so that the authors of the malware could not get hold of the decryptor and crack the algorithm. There are already reasons for such concerns: in the code of the latest version of Nemty, 1.6, the virus writers left a message to their opponents: “Tesorion, thanks for the article”.
Experts were given the opportunity to verify that the new decryptor works. They say that the utility already decrypts most of the files that users usually create: Office documents, video, graphics. Tesorion is currently in talks with Europol to include its decryptor in the NoMoreRansom collection.