Remove Nemucod Ransomware | Updated


I wrote this article to help you remove Nemucod Ransomware. This Nemucod Ransomware removal guide works for all Windows versions.

Nemucod belongs to the ransomware family. In other words, you are infected with one of the most dangerous types of infection, and this reputation is totally deserved. Nemucod is an extremely dangerous parasite. It tricks you into giving it permission to enter and then causes you a ton of trouble. As soon as the ransomware enters, your files get locked. All of them. Every picture, music file, video, document, piece of work-related data, etc. gets encrypted with the RSA-2048 and AES-128 algorithms and thus becomes inaccessible to you. You are no longer able to open, view, edit or listen to any of them. Your machine is unable to recognize their new extension. What do you think happens next? You get blackmailed, of course.

The whole purpose of ransomware parasites is to extort money from you. But instead of stealing it directly, they rely on this technique: encrypting your data and hoping that you will do anything to get it back. Most users have some very important information stored on their machines. You probably do too, and it is now out of your reach. This can make you panic so easily that you don’t even take the time to consider what you are about to do. Crooks want 0.11471 BTC, which equals around 270 USD. You find this information in a TXT file named Decrypt txt. This is the so-called ransom note, which Nemucod drops on your Desktop as well as in every folder containing locked data. Needless to say, don’t comply with these demands, as it will only make things worse. And here is why.


According to the note, once you pay, the hackers will send you a special decryption tool to free your data. But let's go over all the possible scenarios, none of which, by the way, ends well for you. Scenario number one – you transfer the sum, but you don’t get what you paid for. This happens a lot. Hackers just take your money and then lose all interest in you and your files. After all, ransomware infections are developed for money and money alone. Scenario number two – you pay up and the crooks send you a tool. However, this tool doesn’t work, so you still cannot free your information; all you did was lose money.

Scenario number three – you pay and actually get a fully working decryptor which helps you unlock everything. But that’s all. The decryptor only removes the encryption, not the infection. In other words, Nemucod remains on board, ready to re-encrypt your freshly decrypted data any time it wants. If this happens, are you going to pay again? How many times are you willing to sponsor crooks with your money? They only use it for expansion and more malware creation. Are you convinced now that paying is not an option? We certainly hope so. What you need to do is remove Nemucod from your PC first and then safely retrieve your files. Our removal guide below can help you do that.

How did Nemucod enter? As a program, the ransomware needs your permission to get in, and it uses tricks to get it. For example, spam email messages and malicious attachments. This technique may be old, but the crooks don’t seem to be giving up on it. Be extra cautious when you receive a message from an unknown sender and, whatever you do, don't open it or download its attachment. Usually, such emails deliver infections. Be more vigilant and doubting. Hackers pray for your haste, distraction, and carelessness. Without them, they cannot succeed, and it is your job to not let them succeed. Pay more attention when online. Also, get yourself a good anti-malware program for better security and always keep backups of your most important data to be sure it is safe.

Nemucod Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, Nemucod Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.

  1. Download ShadowExplorer from this link:
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select C: drive on the left panel
  4. Choose a date at least a month ago from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file
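
Before installing ShadowExplorer, it helps to know whether any shadow copies survived at all. The following PowerShell check is an added example, not part of the original guide; the function name Get-UsableShadowCopy and its parameters are hypothetical, and it assumes an elevated prompt and a rough idea of when the files were encrypted.

```powershell
# Added example: list Volume Shadow Copy snapshots that predate the infection.
# Run from an elevated PowerShell prompt; Win32_ShadowCopy needs admin rights.

function Get-UsableShadowCopy {
    param(
        [string]$DriveLetter = 'C:',
        # Assumption: approximate time the files were encrypted.
        [datetime]$InfectedOn = (Get-Date),
        # The guide suggests picking a snapshot at least a month old.
        [int]$MinAgeDays = 30
    )

    # Shadow copies refer to volumes by GUID path, so resolve the letter first.
    $volume = Get-CimInstance -ClassName Win32_Volume |
        Where-Object { $_.DriveLetter -eq $DriveLetter }
    if (-not $volume) {
        throw "No volume found for drive $DriveLetter"
    }

    $cutoff = $InfectedOn.AddDays(-$MinAgeDays)

    Get-CimInstance -ClassName Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $volume.DeviceID -and
                       $_.InstallDate -lt $InfectedOn } |
        Sort-Object InstallDate |
        ForEach-Object {
            [pscustomobject]@{
                Created     = $_.InstallDate
                AgeDays     = [int](($InfectedOn - $_.InstallDate).TotalDays)
                MeetsMinAge = ($_.InstallDate -le $cutoff)
                ShadowId    = $_.ID
            }
        }
}

# Report whether Method 1 is worth attempting on drive C:.
$copies = @(Get-UsableShadowCopy -DriveLetter 'C:')
if ($copies.Count -eq 0) {
    Write-Output 'No usable shadow copies on C:. Skip Method 1 and try Method 2 or 3.'
} else {
    $copies | Format-Table Created, AgeDays, MeetsMinAge, ShadowId -AutoSize
    $old = @($copies | Where-Object MeetsMinAge)
    Write-Output "$($copies.Count) snapshot(s) found, $($old.Count) at least a month old."
}
```

If the table is empty, the ransomware removed the snapshots and ShadowExplorer will have nothing to show for that drive.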

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Next”
  3. Choose a restore point, at least a month ago
  4. Click “Next”
  5. Choose Disk C: (should be selected by default)
  6. Click “Next”. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above methods works, you should try to recover the encrypted files by using file recovery software. Since Nemucod Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using file recovery software. Here are a few free file recovery programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete
Daniel Stoyanov
Daniel Stoyanov has a Master's degree in Computer Science from the Technical University of Sofia, Bulgaria. He is also a Microsoft Certified Professional. Daniel provides top cyber security news with in-depth coverage of malware, vulnerabilities, PC and Network security, online safety. If you have any questions feel free to ask him right now.

