Nemucod Ransomware Description
Type: Ransomware
The Nemucod Ransomware is a variant of the Nemucod family that includes a ransomware component. Nemucod is a well-known threat family composed of threatening JavaScript files. A variant of Nemucod downloads a variant of TeslaCrypt, referred to by malware researchers as the Nemucod Ransomware. The Nemucod Ransomware poses a real threat to computer users, and steps should be taken to ensure that your machine is not vulnerable to threats like the Nemucod Ransomware.
The Damage that may be Caused by a Code-Based Ransomware
Good and Bad News Related to the Nemucod Ransomware
Additional Information Regarding the Nemucod Ransomware
Our PC security researchers have observed that the Nemucod Ransomware is very similar to the KeyBTC Ransomware. However, the Nemucod Ransomware seems to be a simpler implementation of this ransomware Trojan's component. It is currently unknown whether there is a direct relationship between the people responsible for the Nemucod Ransomware and the KeyBTC Ransomware, or whether they simply copied the code from one to the other. Fortunately for computer users, the Nemucod Ransomware uses XOR encryption, meaning that it is possible to decrypt the files without having to obtain the decryption key from the threat's creators. If your files have been encrypted by the Nemucod Ransomware, PC security researchers recommend the following measures to help with recovery:
- Files encrypted by the Nemucod Ransomware can be recovered with the XOR key that is embedded in the threat executable (a 255-character key). It is possible that a decryption utility has been made available by security researchers.
- Affected PCs can be restored using System Restore, which is usually disabled by more sophisticated ransomware Trojan variants.
- Files encrypted by the Nemucod Ransomware can be restored using Shadow Volume copies, which are deleted by more advanced ransomware Trojans. To do this, it may be necessary to download and run a Shadow Volume browser or recovery utility that can find the shadow copies of files that were encrypted.
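Why an XOR scheme with a fixed key is recoverable, shown as an added example that is not code from this article or from any decryption utility. It assumes the 255-byte key is repeated cyclically over the file (the article gives only the key length), and it goes one step beyond the text by also deriving the key from a backup copy of one encrypted file; all names and sample data are constructed.

```python
import os
from itertools import cycle

KEY_LEN = 255  # key length stated in the article


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR data with a cyclically repeated key. XOR is its own inverse,
    so the same call both encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(plain: bytes, cipher: bytes, key_len: int = KEY_LEN) -> bytes:
    """Derive the key from one known plaintext/ciphertext pair, e.g. a backup
    copy of a file and its encrypted version. Needs key_len known bytes."""
    n = min(len(plain), len(cipher))
    if n < key_len:
        raise ValueError(f"need {key_len} known bytes, have {n}")
    key = bytes(p ^ c for p, c in zip(plain[:key_len], cipher[:key_len]))
    # Check the candidate key against every remaining known byte.
    if xor_repeating(cipher[:n], key) != plain[:n]:
        raise ValueError("pair is not consistent with a repeating XOR key")
    return key


def demo() -> bool:
    # Constructed sample data: a random stand-in key and two fake documents.
    key = os.urandom(KEY_LEN)
    backup = b"%PDF-1.4\n" + b"constructed sample document A. " * 20
    other = b"constructed sample document B, no backup exists. " * 10
    enc_backup = xor_repeating(backup, key)
    enc_other = xor_repeating(other, key)

    # One file with a surviving backup is enough to restore the others.
    recovered = recover_key(backup, enc_backup)
    return recovered == key and xor_repeating(enc_other, recovered) == other


if __name__ == "__main__":
    print("recovered key decrypts second file:", demo())
```

Always run recovery attempts on copies of the encrypted files so a wrong key or wrong assumption cannot damage the only remaining data.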