What is Nemty 2.5?
The newest version of Nemty ransomware has been recently detected. It’s called Nemty 2.5 Revenge and its functions is to prevent victims from the accessing to a various file formats. In general, Nemty 2.5 is distributed by the means of various executable files (like fake installators). However, hackers can easily inject the code of Nemty 2.5 into a regular harmless file. In this case the code is executed, once the file is opened. Moreover, nowadays hackers widely use various remote access software with the help of which they get nearly a full access to an infected computer. Once Nemty 2.5 successfuly got into the system, it immediately begins to prepare the system for the encryption. In order to stay undetected, it changes the system processes and injects into them. Then it scans the hard drive and modifies the files, that are suitable for the encryption. Nemty 2.5 attacks media files and documents generally, as such files usually contain the most valuable information for a victim. As the result, the files get the new “.NEMTY_*ID*” extensions (where id stands for the unique identificator). Then the virus drops the ransom note, called NEMTY_*ID*-DECRYPT.txt. By the means of the note hackers try to make victims pay for the decryptor. Unfortunately, the surest way to decrypt data is to get the decryptor from hackers, but there is a great many of the cases, when hackers just deceive victims. Sometimes they get money and stop all contacts and sometimes they send malicious programs instead of the decryptor. That’s why we’ve prepared the detailed guide on how to remove Nemty 2.5 Revenge ransomware and decrypt .NEMTY_*ID* files without any risk.
Some (or maybe all) of your files got encryped.
We provide decryption tool if you pay a ransom.
Don't worry, if we can't help you with decrypting - other people won't trust us.
We provide test decryption, as proof that we can decrypt your data.
You have 3 month to pay (after visiting the ransom page) until decryption key will be deleted from server.
After 3 month no one, even our service can't make decryptor.
a) Open your browser.
b) Open this Tink: http://nemty.top/public/pay.php
c) Upload this file.
d) Follow the instructions.
a) Download&instal1 Tor-srowser.
b) Open Tor-srowser.
c) Open this Tink : http://zjoxywSmkacojkSptn2iprkivg5clow72mjkykSttubzxprjjnwapkad.onion/public/pay.php
d) Upload this file.
e) Follow the instruction.
How to remove Nemty 2.5 Revenge Ransomware from your computer?
We strongly recommend you to use a powerful anti-malware program that has this threat in its database. It will mitigate the risks of the wrong installation, and will remove Nemty 2.5 Revenge ransomware from your computer with all of its leftovers and register files.
Solution for Windows users: our choice is Thor. Thor security scans your computer and detects various threats like Nemty 2.5 Revenge, then removes it with all of the related malicious files, folders and registry keys.
If you are Mac user, we advise you to use Combo Cleaner.
How to decrypt .NEMTY_*ID* files?
Once you’ve removed the virus, you are probably thinking how to decrypt .NEMTY_*ID* files or at least restore them. Let’s take a look at possible ways of decrypting your data.
Restore .NEMTY_*ID* files with Data Recovery
- Download and install Data Recovery
- Select drives and folders with your files, then click Scan.
- Choose all the files in a folder, then press on Restore button.
- Manage export location.
Decrypt .NEMTY_*ID* files with other software
Unfortunately, due to the novelty of Nemty 2.5 Revenge ransomware, there are no decryptors that can surely decrypt encrypted files. Still, there is no need to invest in the malicious scheme by paying a ransom. You are able to recover files manually.
You can try to use one of these methods in order to restore your encrypted data manually.
Decrypt .NEMTY_*ID* files with Emsisoft decryptor
This software includes information about more than 100 viruses of STOP(DJVU) family and others. All that you need are two files or some luck. You can freely use it as it distributes free of charge. If it doesn’t work for you, you can use another method.
Restore .NEMTY_*ID* files with Windows Previous Versions
This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows keeps copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take the following steps:
- Open My Computer and search for the folders you want to restore;
- Right-click on the folder and choose Restore previous versions option;
- The option will show you the list of all the previous copies of the folder;
- Select restore date and the option you need: Open, Copy and Restore.
Restore .NEMTY_*ID* files with System Restore
You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.
- Type restore in the Search tool;
- Click on the result;
- Choose restore point before the infection infiltration;
- Follow the on-screen instructions.