.nm4 ransom ware decrypter

Sajid Shaik M
Sajid Shaik M used Ask the Experts™
Dear All,

please advise the best solution to decrypt .nm4 extension   ...we have to decrypt Excel files...which are in a VM on Hyper-v.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Principal Software Engineer
There is at present no decrypter for the NMoreira ransomware.  After the first spate of carelessly written ransomware, everything making the rounds now uses very large keys and methods that are not subject to cracking by brute force.

In other words, you can get the virus out of the system but those files must be considered permanently lost.  Restore them from the most recent backup, rebuild the lost data, and severely dock the pay of whoever is responsible for bringing the infection into the system.

Under no circumstances should you pay the ransom.  There is no guarantee you will get a valid key; criminals don't work with escrow and if a working key was demonstrated to prove that they can decrypt your files, they've lost their leverage because there's only one key.  Reports from the field indicate that if you pay, there is about a 1 in 3 chance of getting a working key ... sometime in the next six months.  You can't afford to wait six months to remedy the situation.  Further, paying reinforces the criminals' belief that this activity is a good way to make money and that encourages them to produce even worse malware.

Back up the encrypted files to an external device, label it "NMoreira Ransomware Encrypted Files" and put it on the shelf.  At some time in the future it might become possible to recover those files.  But don't count on it.  Start rebuilding your files from the backups immediately.

There's only two ways to deal with ransomware.

  1. Don't let it get into your system.
  2. Make full backups to offline media as frequently as dictated by the value of the data.  Backups must be kept offline because ransomware goes after those, too.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

I agree with Dr. Klahn and I hope you have good backups.

Most ransomware comes via email from strangers and you need a top notch spam filter to keep this stuff out.

Also, train your users not to open emails from strangers.
UmbraEmsisoft Community Manager

The Emsisoft website offers a decrypter tool , you may download it and try with your encrypted files.
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

E ATech Lead

Check if this help you for NM4 ransomware removal instructions:

If you are already infected do not pay the ransom! Remove the virus and look for other solutions rather than paying. Paying the ransom may be your only option if you have really valuable data. The risk of losing money and still stuck with encrypted files since there is no guarantee in any way that you will recover what one is lost.

Best solution is if you have a backup, wipe your hard drive and perform system restore. If not, backup your data frequently. Store backup data in any removable storage device or use any online backup services.

Refer to below links to protect yourself from ransomware attack:


Hope this helps!
Distinguished Expert 2018

There is no way to decrypt the files at this point in time as Dr. Klahn mentioned already.

At this point, you should be working to
1) Mitigate the problem from the network, which includes investigating the root cause as well as the system(s) that got infected, as well as reimaging those systems.
2) Restoring data from backups (which hopefully aren't encrypted) to get back up and running
3) Review your environment's security. Hopefully a system was not hacked to begin with, but you need to investigate. Tighten up your security processes. Also you should focus around user education. Remember that they are the last line of defense,
Scott CSenior Engineer

I know it's common advice to not pay the ransom and I agree with that sentiment.

However, only YOU can decide whether to pay the ransom to try to get your files back.  One company I work for paid the ransom and was able to recover the files....I've heard other stories where ransom was paid and the files were not recovered.

It's easy for people to say "under no circumstances pay the ransom" but ultimately that decision is up to you.

If losing the data can potentially cost lives or the company itself, then try to get the data back by any means necessary.

But that being said...if the data is THAT important then backups should have been being made.
UmbraEmsisoft Community Manager

In case of Ransomware , a company should weight the pros and cons of paying the ransom or not.

in case it decide to pay,  the company must be sure that the decrypting key is really valid  and will work for all the encrypted files.


nice advice...thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial