Ransomware Encryption Decryptor
We’re here to fix that.
Download one of EmsiSoft free decrypter tools to recover your files without paying the ransom
NemucodAES is a new variant of the Nemucod ransomware family. Written in a combination of JavaScript and PHP it uses AES and RSA in order to encrypt your files. Encrypted files will keep their original file names and a ransom note named “DECRYPT.hta” can be found on your Desktop. The ransom note reads as follows:
ATTENTION!
All your documents, photos, databases and other important personal files were encrypted
using a combination of strong RSA-2048 and AES-128 algorithms.The only way to restore your files is to buy decryptor. Please, follow these steps:
Create your Bitcoin wallet here:
https://blockchain.info/wallet/new
Buy 0.13066 bitcoins here:
https://localbitcoins.com/buy_bitcoins
Send 0.13066 bitcoins to this address:
1FeZr4bvMpCf1QTS49VjsdhtnP6zPvMjbP
Open one of the following links in your browser:
http://luxe-limo.ru/counter/?1FeZr4bvMpCf1QTS49VjsdhtnP6zPvMjbP
http://musaler.ru/counter/?1FeZr4bvMpCf1QTS49VjsdhtnP6zPvMjbP
http://vinoteka28.ru/counter/?1FeZr4bvMpCf1QTS49VjsdhtnP6zPvMjbP
http://www.agrimixxshop.com/counter/?1FeZr4bvMpCf1QTS49VjsdhtnP6zPvMjbP
http://sharedocsrl.it/counter/?1FeZr4bvMpCf1QTS49VjsdhtnP6zPvMjbP
Download and run decryptor to restore your files.You can find this instruction in “DECRYPT” file on your desktop.
To decrypt your files, please run the decrypter on the encrypted system. The decrypter requires various files from your %TEMP% directory of the user that spawned the infection. Therefore it is important not to reformat the system or run any cleanup tools before attempting the decryption.
[May, 30, 2017] – Version: 1.0.0.54
Emsisoft Decrypter for Amnesia2
Due to a bug in the malware’s code, the malware will truncate up to the last 7 bytes from files it encrypts. It is, unfortunately, impossible for the decrypter to reconstruct these bytes.
[Jan, 4, 2017] – Version: 1.0.0.22
Emsisoft Decrypter for Globe3
[Dec, 23, 2016] – Version: 1.0.0.35
Emsisoft Decrypter for GlobeImposter
Since version 1.17.0 each Stampado infection also has a unique “salt” that is specific to the ransomware buyer. The salt can either be specified manually or detected automatically. In order to determine the salt automatically the ransomware has to be running on the system. Fill in the ID and email address and click the “Detect …” button next to the salt input field.
If the malware has already been removed, please don’t attempt to reinfect yourself. Instead submit the malware file via email to [email protected] so I can extract the correct salt for you. You can also try the pre-configured salts that have been used by known Stampado campaigns in the wild so far.