Free Decryption Tool Allows Victims of Nemucod Ransomware to Retrieve Files

LIFARS Cyber 911 - 24x7 Remove RYUK Ransomware And Secure Your Data

The release of a free decryption tool will help victims of the latest version of a commonly found ransomware family called Nemucod to retrieve their files without needing to fork out the ransom.

Active since 2015, the Nemucod ransomware family has remained a common cybersecurity threat ever since. While researchers have previously cracked versions of Nemucod in the past, the developers of the ransomware are engaging in a continuous update cycle and release new versions of the ransomware in its attempt to stay ahead of cures developed by security researchers.

A new version of the ransomware, labelled NemucodAES, delivers the malicious component via a PHP script before a PHP interpreter encrypts the victim’s files. The payload is delivered through a malicious link that delivers the malware through malicious emails purporting to contain information about an undelivered package.

The key difference to previous versions if the change in encryption protocols from RC4 to a mix of AES-128 in ECB mode and RSA encryption to make those files trickier to decrypt with a randomly generated 129-bit key, per file.

Victims are presented with a ransom note demanding $300 in bitcoin, a digital currency, in exchange for the decryption key to unlock those files.

Security researchers at Emsisoft have been quick to find a cure by releasing a free decryption tool for the ransomware.

Emsisoft researchers wrote in a blog:

Not to be outplayed by cyber criminals our lab promptly went to work and produced a new version of our decrypter to handle NemucodAES and free victim’s files.

The tool, which can be downloaded here, has already seen 674 downloads at press time.

Emsisoft is notably a part of the No More Ransom initiative, a public-private partnership between law enforcement agencies and cybersecurity firms that provides free decryption keys to victims.

Featured image credit: Pixabay.