How to remove NEMTY REVENGE 2.0 ransomware and decrypt .NEMTY_*ID* files

How to remove NEMTY REVENGE 2.0 ransomware and decrypt .NEMTY_*ID* files

NEMTY REVENGE 2.0 ransomware encryption process.

NEMTY REVENGE 2.0 belongs to the file-encryption ransomware family of the same name. There is only one other representative of this family, that has the same name too – NEMTY. NEMTY REVENGE 2.0 has the same principles of work, as the previous version, but the mechanisms are different. Both representatives of this family aim at the preventing the owner of the infected device from the accessing to the definite file formats. Potentially everyone can face the infection with NEMTY REVENGE 2.0, as the ways of its disseminating are not found out yet. We can guess by drawing analogies between the two versions, that the new one mostly spreads by the means of email attachments and fake installators. The malicious code is injected in such file and activates once the user decides to open it. If your device is already infected with this virus, we should warn you not to try to remove NEMTY REVENGE 2.0 ransomware encryption by yourself. Every single manipulation with the file can pottentially damage it permanently.

The encryption process can be characterized as the logical one, as the 2 main stages always occur one by one. The first step, that virus makes is the scanning of the hard drive. NEMTY ransomware can attack only definite file formats, such as .doc, .png, .mp3 and etc. It’s so, because the encryption of all data takes a great amount of time and resources, so in this case the owner of the device will notice, that something is wrong with the system. That’s why the virus can encrypt only valuable information. When the files are found, the virus modifies their structures and makes them unreadable. The clear sign of the successful encryption is the new .NEMTY_*ID* extension, that consists of the two parts: the name of the virus and ID of the victim. The main reason of creating the virus is to make the owners of the infected devices pay for the decryption services that hackers offer. For this reason the virus also creates the ransom note, that is called NEMTY_*ID*-DECRYPT.txt and contains the following information:

NEMTY_*ID*-DECRYPT.txt

---> NEMTY REVENGE 2.0 --- Don't worry, some of your files have extension .NEMTY_*ID* and they are encrypted. But you can return them! In confirmatiom, that we have private decryption key, We can provide test decryption for 1 file (png,jpg,bmp,gif). It's a business, if we can't provide full decryption, other people won't trust us. There is no way to decrypt your files without our help. Don't trust anyone. Even your dog. main mail: elzmflqxj@tutanota.de if no answer: helpdesk_nemty@aol.com Don't change decryption key below!!! NEMTY DECRYPTION KEY: *Key*[/expand]

Don't trust them, as you can easily become twice a victim. It's not rare when hackers stop any contact with the victim after the payment. Moreover, they can easily make the situation even worse and instead of the decryption tool, you will get one more ransomware, keyloger, trojan or RAT. Remember, it's not a business, it's a crime! That's why we've prepared a guide on how remove NEMTY REVENGE 2.0 ransomware and decrypt .NEMTY_*ID* files for free!


Article's Guide

  1. How to remove NEMTY REVENGE 2.0 Ransomware from your computer
  2. How to remove NEMTY REVENGE 2.0 Ransomware encryption from your files
  3. Data Recovery
  4. Automated decryption tools
  5. Windows Previous Versions

How to remove NEMTY REVENGE 2.0 Ransomware from your computer?

We strongly recommend you to use a powerful anti-malware program that has this threat in its database. It will mitigate the risks of the wrong installation, and will remove NEMTY REVENGE 2.0 from your computer with all of its leftovers and register files.

Solution for Windows users: our choice is BullGuard. BullGuard scans your computer and detects various threats like NEMTY REVENGE 2.0, then removes it with all of the related malicious files, folders and registry keys.

Download BullGuard windows compatible

If you are Mac user, we advise you to use Combo Cleaner.


How to decrypt .NEMTY_*ID* files?

Once you’ve removed the virus, you are probably thinking how to decrypt .NEMTY_*ID* files. Let’s take a look at possible ways of decrypting your data.

Recover data with Data Recovery

Data Recovery

  1. Download and install Data Recovery
  2. Select drives and folders with your files, then click Scan.
  3. Choose all the files in a folder, then press on Restore button.
  4. Manage export location.

Download Stellar Data Recovery

The download is an evaluation version for recovering files. To unlock all features and tools, purchase is required ($49.99-299). By clicking the button you agree to EULA and Privacy Policy. Downloading will start automatically.


Restore data with automated decryption tools

Unfortunately, due to the novelty of NEMTY REVENGE 2.0 ransomware, there are no available automatic decryptors for this encryptor yet. Still, there is no need to invest in the malicious scheme by paying a ransom. You are able to recover files manually.
You can try to use one of these methods in order to restore your encrypted data manually.

Decrypt .NEMTY_*ID* files with Windows Previous Versions

This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows keeps copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take the following steps:

  1. Open My Computer and search for the folders you want to restore;
  2. Right-click on the folder and choose Restore previous versions option;
  3. The option will show you the list of all the previous copies of the folder;
  4. Select restore date and the option you need: Open, Copy and Restore.

Decrypt .NEMTY_*ID* files with System Restore

You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.

  1. Type restore in the Search tool;
  2. Click on the result;
  3. Choose restore point before the infection infiltration;
  4. Follow the on-screen instructions.

Was this tutorial helpful?
[Total: 0 Average: 0]

Leave a Comment

Time limit is exhausted. Please reload CAPTCHA.