Nmcrypt Ransomware

What is Nmcrypt Ransomware?

Researchers working at anti-spyware-101.com have detected a new ransomware-type infection, Nmcrypt Ransomware, in the wild. It turns out that this infection is not exactly a brand new threat, since it seems to be a new version of an older crypto-threat, NM4 Ransomware. The main thing that distinguishes it from the older version is the filename extension it uses. While the previous version used the .NM4 extension to mark encrypted files, Nmcrypt Ransomware appends .nmcrypt to all the files it affects, but there is no doubt that the two share the same goal. Cyber criminals develop ransomware infections because they want to obtain money from users, and since they know that it is not easy to make users send money, they usually set these malicious applications to lock the most valuable files users have. In other words, if you ever get infected with crypto-malware, the chances are high that you will find all documents, pictures, videos, and many other files encrypted. In such a case, you have only two choices. First, send money to cyber criminals, expecting that they will unlock the files for you or give you the decryption tool. Second, delete the ransomware infection from your system fully and then restore the affected files from a backup. The choice is yours, so choose wisely.

What does Nmcrypt Ransomware do?

Nmcrypt Ransomware is a typical ransomware infection, so do not be surprised to find almost all your files locked after this malicious application enters the system. It will not be difficult to recognize the encrypted files because they will all have the .nmcrypt extension appended. After encrypting users' personal data, the ransomware infection also deletes all Shadow Volume Copies by executing one specific command: vssadmin.exe Delete Shadows /All /Quiet. Finally, it drops a file named "Recovers your files.html". If you open this file, you will find a message addressed to you inside it, but do not expect it to explain how to unlock the encrypted files for free. Instead, you will be told that your files have been encrypted using AES-256 and RSA-2048, and that the only way to unlock them is to use the private key. The cyber criminals behind this ransomware infection have this key and offer to sell it to users. Users are first instructed to download the TOR browser from the provided link and then open one of the indicated .onion links. When you do this, you should find out how much the key costs and how money can be transferred to the cyber criminals. Do not pay a cent to the crooks, even if you find the decryptor quite cheap, because you might not even get it from them. In addition, it is unclear whether they have it and whether it really works as it should. Since the ransomware infection also deletes all Shadow Volume Copies of files, they cannot be used for recovery, and you should not expect to find a free decryptor on the web that could unlock the files for you. Your only chance to fix your files is to restore them from a backup you have.
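
The shadow-copy deletion described above is a command line that process-creation logging can catch. The following Python code is an added example, not part of the original article; it flags that vssadmin call in constructed sample events, and the event field names and host names are assumptions rather than a real log schema.

```python
from ntpath import basename  # apply Windows path rules on any OS

VSSADMIN_NAMES = {"vssadmin", "vssadmin.exe"}

def is_shadow_copy_wipe(command_line):
    """True if the command line runs vssadmin with 'delete' and 'shadows'."""
    # Drop quotes and case so that wrappers (cmd /c "..."), full paths and
    # re-ordered switches do not hide the call.
    tokens = command_line.replace('"', " ").lower().split()
    for i, tok in enumerate(tokens):
        if basename(tok) in VSSADMIN_NAMES:
            args = tokens[i + 1:]
            if "delete" in args and "shadows" in args:
                return True
    return False

def find_shadow_copy_wipes(events):
    """Return the events whose command line deletes shadow copies."""
    return [e for e in events if is_shadow_copy_wipe(e.get("command_line", ""))]

# Constructed sample events (hypothetical hosts and field names).
SAMPLE_EVENTS = [
    {"host": "WS-01", "command_line": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "WS-02",
     "command_line": r'"C:\Windows\System32\vssadmin.exe" delete shadows /quiet /all'},
    {"host": "WS-03",
     "command_line": 'cmd.exe /c "VSSADMIN  Delete  Shadows /All /Quiet"'},
    {"host": "WS-04", "command_line": "vssadmin.exe List Shadows"},
    {"host": "WS-05", "command_line": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for event in find_shadow_copy_wipes(SAMPLE_EVENTS):
        print(f"ALERT {event['host']}: {event['command_line']}")
```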

Where does Nmcrypt Ransomware come from?

We are not going to lie: it is still not easy to talk about the distribution of Nmcrypt Ransomware, since it is a new infection that has not affected many computers, but our specialists are 99% sure that it would be distributed like other threats that belong to the crypto-malware category. That is, they believe that it should be distributed as an email attachment in the future. Spam emails usually hold attachments containing harmful malware, so it would be best not to go anywhere near these emails. It would also be best to stop clicking on untrustworthy links and advertisements, because the download and installation of harmful malware might be initiated with a single click. Finally, you should stop downloading applications from various torrent and similar websites, because there is a high chance of downloading malware from them.

How to delete Nmcrypt Ransomware

It will only take a few minutes to delete Nmcrypt Ransomware fully from the system if you use our step-by-step manual removal instructions (you can find them right below this paragraph). You only need to delete the launcher of the ransomware infection and its ransom note. Since this launcher might have a random name, it would be best to delete all recently downloaded suspicious files. They should be located in the Downloads folder (%USERPROFILE%\Downloads). Of course, it is possible to clean the system more quickly. To delete malware automatically, you need to have an automated malware remover installed on your computer. Then you will simply need to launch it to have all active threats removed for you.

Nmcrypt Ransomware removal guide

  1. Press two buttons on your keyboard simultaneously: Win+E.
  2. Go to the Downloads folder and remove all suspicious files from it.
  3. Remove all suspicious files from your Desktop.
  4. Delete the ransom note, "Recovers your files.html".
  5. Empty Trash (right-click on your Recycle Bin and select Empty Recycle Bin).
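
Before or after the manual steps above, it helps to know which files need to come back from backup and where the ransom notes were dropped. The following read-only Python inventory is an added example, not part of the original article; it relies only on the .nmcrypt extension and the "Recovers your files.html" note name given above, and the function name and default scan root are assumptions.

```python
import os
import sys
from collections import Counter

ENCRYPTED_EXT = ".nmcrypt"                 # extension appended to encrypted files
RANSOM_NOTE = "recovers your files.html"   # note name, compared case-insensitively

def inventory_nmcrypt(root):
    """Walk root without modifying anything.

    Returns (restore_list, ransom_notes, per_dir_counts), where restore_list
    holds the original paths (extension stripped) to restore from backup.
    """
    restore, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            full = os.path.join(dirpath, name)
            if lower == RANSOM_NOTE:
                notes.append(full)
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # The extension is appended, so stripping it gives the old name.
                restore.append(full[:-len(ENCRYPTED_EXT)])
                per_dir[dirpath] += 1
    return sorted(restore), sorted(notes), per_dir

if __name__ == "__main__":
    # Assumed default: the current user's profile; pass another root as argv[1].
    scan_root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    restore, notes, per_dir = inventory_nmcrypt(scan_root)
    print(f"{len(restore)} encrypted files, {len(notes)} ransom notes")
    for folder, count in per_dir.most_common(10):
        print(f"{count:6d}  {folder}")
    for path in notes:
        print(f"note: {path}")
```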
