{
	"id": "37903a9b-37b9-4fb0-8a9c-af2366247e14",
	"created_at": "2026-04-06T00:21:59.430271Z",
	"updated_at": "2026-04-10T03:20:30.27119Z",
	"deleted_at": null,
	"sha1_hash": "3f12e3fa152107e235efc4dd0c6b8483d04d185e",
	"title": "Nemty Ransomware Decryptor Released, Recover Files for Free",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2282293,
	"plain_text": "Nemty Ransomware Decryptor Released, Recover Files for Free\r\nBy Lawrence Abrams\r\nPublished: 2019-10-10 · Archived: 2026-04-05 17:07:14 UTC\r\nVictims of the Nemty Ransomware finally have something to be happy about as researchers have released a decryptor that\r\nallows them to recover files for free.\r\nSince August 2019, the Nemty Ransomware has been utilizing a variety of distribution methods [1, 2, 3] to infect victims\r\nand encrypt their files.\r\nThe good news is that victims finally get to fight back as researchers from the security firm Tesorion have created a\r\ndecryptor that works on Nemty versions 1.4 and 1.6, with 1.5 coming soon.\r\nhttps://www.bleepingcomputer.com/news/security/nemty-ransomware-decryptor-released-recover-files-for-free/\r\nPage 1 of 5\n\nThe decryptor currently supports only a limited number of file extensions, but Tesorion has told BleepingComputer that they\r\nare expanding support for more file types every day.\r\nThe file types currently supported by the decryptor are:\r\navi, bmp, gif, mp3, jpeg, jpg, mov, mp4, mov, mp4, qt, 3gp, mpeg, mpg, doc, docb, dot, ole, pot, pps, ppt, wbk, xlm, xls,\r\nInstead of offering a decryptor that computes a key on a victim's computer, Tesorion opted to have the decryption key\r\ngeneration done on their own servers.\r\nTesorion told BleepingComputer they went this route in order to prevent the ransomware developers from analyzing the\r\ndecryptor and learning the weakness in their algorithm.\r\nThe researchers are not wrong, either, as the ransomware developers are definitely watching, as shown by the inclusion of the\r\n\"tesorion thanks for your article\" string in the latest Nemty 1.6 executable.\r\nDecrypting Nemty encrypted files\r\nTesorion provided BleepingComputer with their decryptor so that we 
could test its ability to decrypt Nemty encrypted files,\r\nand in our tests it was able to decrypt most of the more common file types that people commonly use such as Office\r\ndocuments, videos, and images.\r\nWhen using the decryptor, users will upload an encrypted file to Tesorion's server. The supported files that can be uploaded\r\nare either a .docx, .gif, .pdf, .png, .pptx, .xlsx, or .zip file.\r\nOnce a file is uploaded, Tesorion's servers will compute the decryption key for the uploaded file and send it back to be loaded\r\ninto the decryptor.\r\nOnce loaded, victims can then select the folder or drive that they wish to decrypt and begin recovering their files.\r\nDecrypted Files\r\nIn the earlier builds shared with BleepingComputer, we hit some issues on certain file types. With the latest release tested\r\ntoday, the decryptor worked very well and was able to recover most of the encrypted files on my test machine.\r\nThe only files it was not able to decrypt were non-standard file formats, but as previously stated, Tesorion continues to\r\nsupport new file types every day.\r\nIn order to download the decryptor, users can contact the Tesorion CSIRT and request help with the Nemty Ransomware.\r\nTesorion will then send a link to the decryptor that will allow you to decrypt your files.\r\nTesorion has told us that they are currently working with Europol to get their decryptor on the NoMoreRansom site so that it\r\nwill become more widely available to victims.\r\nSource: https://www.bleepingcomputer.com/news/security/nemty-ransomware-decryptor-released-recover-files-for-free/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/nemty-ransomware-decryptor-released-recover-files-for-free/"
	],
	"report_names": [
		"nemty-ransomware-decryptor-released-recover-files-for-free"
	],
	"threat_actors": [],
	"ts_created_at": 1775434919,
	"ts_updated_at": 1775791230,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3f12e3fa152107e235efc4dd0c6b8483d04d185e.pdf",
		"text": "https://archive.orkl.eu/3f12e3fa152107e235efc4dd0c6b8483d04d185e.txt",
		"img": "https://archive.orkl.eu/3f12e3fa152107e235efc4dd0c6b8483d04d185e.jpg"
	}
}