Source: Cyware | By Sidarth Trisal
• NamPoHyu Virus, also known as MegaLocker ransomware targeted vulnerable Samba servers last month and encrypted victims’ files remotely.
• Victims can now recover all their ransomware encrypted files by using the Emsisoft decryptor for free.
NamPoHyu Virus, also known as MegaLocker ransomware targeted vulnerable Samba servers last month and encrypted victims’ files remotely. Once the ransomware encrypted the files, it appends a .crypted extension to the files. After that, it creates a ransom note named !DECRYPT_INSTRUCTION.TXT. The ransom note demanded a ransom amount of $250 for individuals and $1000 for companies.
To help victims’ decrypt their files without paying a ransom, Emsisoft has now released a free decryptor.
How does the decryptor work?
• Once you have installed the Emsisoft decryptor, start the decryptor by browsing and selecting the ransom note.
• After selecting the ransom note, the decryptor will recover the decryption key.
• Once the decryption key has been recovered, you can decrypt all the files.
The frustrated ransomware developer
In the BleepingComputer forum, researchers requested victims not to pay the ransom as experts are currently working on releasing a decryptor for the MegaLocker infection. On the other hand, the ransomware developer challenged the researchers to release the decryptor within a week failing which the ransom amount would be doubled.
“Oh, you are not good people)) And I think, why customers stopped writing? And here it is … Why entertain people with vain hopes? Should you send the source code of a decryptor to make it easier to work? Give the address, send.
You will have a week to find a way to decrypt without the aes key. After that we will raise the decryption cost FOR EVERYTHING TWO TIMES! And we will indicate this topic, so that people know who to thank))!
For individuals, decoding now costs 250, for companies 1000. It will cost 500 and 2000, respectively. Do you agree?,” the ransomware developer said.
The bottom line
The ransomware developer also threatened to change the encryption algorithm of the ransomware. It is unknown whether the developer has changed the algorithm. However, victims can now recover all their ransomware encrypted files by using the Emsisoft decryptor for free.