Nemty ransomware or “Nemty Project” is designed to encrypt your personal files and demand around 1 bitcoin or $1000. The demand varies on different versions of the Nemty ransomware.
Nemty ransomware encrypts files on your computer and adds a string of random characters to the encrypted files. For example, image.jpg becomes image.jpg._NEMTY_VEHmdnl_.
The decrypt text-file with instructions is placed on the Windows desktop: _NEMTY_{random characters}_-DECRYPT.txt
In the text displayed by the ransomware, the following is reported.
—== NEMTY PROJECT ==–
[+] Whats Happen? [+]Your files are encrypted, and currently unavailable. You can check it: all files on you computer has extension ._NEMTY_VEHmdnI_
By the way, everything is possible to restore, but you need to follow our instructions. Otherwise, you cant return your data (NEVER).What guarantees? [+]
It’s just a business. We absolutely do not care about you and your deals, except getting benefits.
If we do not do our work and liabilities – nobody will not cooperate with us.
It’s not in our interests.
If you will not cooperate with our service – for us, its does not matter. But you will lose your time and data, cause just we have the private key.
In practise – time is much more valuable than money.How to get access on website? [+]
1) Download and install TOR browser from this site: https://torproject.org/.
2) Open our website: zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion/payWhen you open our website, upload this note, follow the instructions and you will get your files back.
NEMTY DECRYPTION KEY:
In most cases, it is not possible to recover the files encrypted by NEMTY ransomware without the intervention of the Ransomware developers. The only way to recover files infected by NEMTY ransomware is to pay the ransomware developers. I do not recommend to pay for the NEMTY ransomware, instead, make sure you have a valid FULL back-up of Windows and restore it immediately.
At the time of writing this article, the TOR website (zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion/pay) to pay for the NEMTY ransomware and decrypt your files – is offline. It is therefore impossible to contact the nemty ransomware developers for this particular NEMTY Ransomware version.
I’m not going to bore you with removal instructions that do not work. There is a lot of information on the Internet about how to get your files back that are encrypted by the NEMTY ransomware, but they do not work. For example, system restore, shadow copies, boot in windows recovery mode etc, these instructions do not work.
It’s a waste of time and valuable money. Most likely you need to buy a malware removal tool, which is useless in the NEMTY ransomware to personal restore files, it might remove the payload (the file that encrypted your files).
Ransomware is specifically designed to prevent users from restoring files using windows recovery, system restore, shadow copies. The only thing I recommend is to read my article: What you should do when you are infected with ransomware. The article includes a FREE malware removal tool to remove the payload of the NEMTY ransomware and instructions on how to proceed after the NEMTY ransomware infection.
