.nm4 ransom ware decrypter

Dear All,

please advise the best solution to decrypt .nm4 extension   ...we have to decrypt Excel files...which are in a VM on Hyper-v.

thanks
LVL 21
Sajid Shaik MSystem AdminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dr. KlahnPrincipal Software EngineerCommented:
There is at present no decrypter for the NMoreira ransomware.  After the first spate of carelessly written ransomware, everything making the rounds now uses very large keys and methods that are not subject to cracking by brute force.

In other words, you can get the virus out of the system but those files must be considered permanently lost.  Restore them from the most recent backup, rebuild the lost data, and severely dock the pay of whoever is responsible for bringing the infection into the system.

Under no circumstances should you pay the ransom.  There is no guarantee you will get a valid key; criminals don't work with escrow and if a working key was demonstrated to prove that they can decrypt your files, they've lost their leverage because there's only one key.  Reports from the field indicate that if you pay, there is about a 1 in 3 chance of getting a working key ... sometime in the next six months.  You can't afford to wait six months to remedy the situation.  Further, paying reinforces the criminals' belief that this activity is a good way to make money and that encourages them to produce even worse malware.

Back up the encrypted files to an external device, label it "NMoreira Ransomware Encrypted Files" and put it on the shelf.  At some time in the future it might become possible to recover those files.  But don't count on it.  Start rebuilding your files from the backups immediately.

There's only two ways to deal with ransomware.

  1. Don't let it get into your system.
  2. Make full backups to offline media as frequently as dictated by the value of the data.  Backups must be kept offline because ransomware goes after those, too.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnBusiness Consultant (Owner)Commented:
I agree with Dr. Klahn and I hope you have good backups.

Most ransomware comes via email from strangers and you need a top notch spam filter to keep this stuff out.

Also, train your users not to open emails from strangers.
UmbraEmsisoft Community Manager Commented:
The Emsisoft website offers a decrypter tool , you may download it and try with your encrypted files.
Become a Microsoft Certified Solutions Expert

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

E ATech LeadCommented:
Check if this help you for NM4 ransomware removal instructions:
https://www.pcrisk.com/removal-guides/11207-nm4-ransomware

If you are already infected do not pay the ransom! Remove the virus and look for other solutions rather than paying. Paying the ransom may be your only option if you have really valuable data. The risk of losing money and still stuck with encrypted files since there is no guarantee in any way that you will recover what one is lost.

Best solution is if you have a backup, wipe your hard drive and perform system restore. If not, backup your data frequently. Store backup data in any removable storage device or use any online backup services.

Refer to below links to protect yourself from ransomware attack:

http://expert-advice.org/2017/07/ways-to-protect-yourself-from-ransomware-attack/
https://www.lepide.com/blog/what-can-you-do-if-youve-become-the-victim-of-a-ransomware-attack/

Hope this helps!
masnrockCommented:
There is no way to decrypt the files at this point in time as Dr. Klahn mentioned already.

At this point, you should be working to
1) Mitigate the problem from the network, which includes investigating the root cause as well as the system(s) that got infected, as well as reimaging those systems.
2) Restoring data from backups (which hopefully aren't encrypted) to get back up and running
3) Review your environment's security. Hopefully a system was not hacked to begin with, but you need to investigate. Tighten up your security processes. Also you should focus around user education. Remember that they are the last line of defense,
Scott CSenior EngineerCommented:
I know it's common advice to not pay the ransom and I agree with that sentiment.

However, only YOU can decide whether to pay the ransom to try to get your files back.  One company I work for paid the ransom and was able to recover the files....I've heard other stories where ransom was paid and the files were not recovered.

It's easy for people to say "under no circumstances pay the ransom" but ultimately that decision is up to you.

If losing the data can potentially cost lives or the company itself, then try to get the data back by any means necessary.

But that being said...if the data is THAT important then backups should have been being made.
UmbraEmsisoft Community Manager Commented:
In case of Ransomware , a company should weight the pros and cons of paying the ransom or not.

in case it decide to pay,  the company must be sure that the decrypting key is really valid  and will work for all the encrypted files.
Sajid Shaik MSystem AdminAuthor Commented:
nice advice...thanks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Ransomware

From novice to tech pro — start learning today.