I wrote this article to help you remove Nuke Ransomware. This Nuke Ransomware removal guide works for all Windows versions.

The developers of Nuke ransomware have made an aggressive and rude statement just by giving their program this name. The win-locker is indeed ruthless in its attacks and demands. It encrypts files and lists precise requirements. The victims are asked to pay a certain sum within a fixed time period. Nuke ransomware warns users that their files will never be restored, if they fail to meet the demands. This is not necessarily true. There are alternative ways to recover your data after an attack from a malevolent program like Nuke ransomware. Making a deal with hackers is a risk not worth taking. They cannot be trusted to make good on a proposed deal. We do not advise you to pay the ransom.

What does Nuke ransomware do to my computer and my personal files?

Nuke ransomware utilizes AES and RSA encryption technologies to lock files. The nefarious program generates a unique 256-bit key. It rearranges the files’ codes, making them unreadable. The win-locker targets different file types, including documents, images, videos, audios, databases and archives. Nuke ransomware appends the .0x5bm file extension to the names of all infected files. The developers of the clandestine program demand a ransom in exchange for the decryption key. Nuke ransomware creates three files to notify the victim about his predicament. The win-locker changes the desktop background to a custom wallpaper which has deliberately been made bright red. The image gives a brief summary on the program’s actions and the demands of the cyber criminals. The full details are listed in a couple of ransom notes, titled !!_RECOVERY_instructions_!!.html and !!_RECOVERY_instructions_!!.txt.

The creators of Nuke ransomware are not very patient. They give people 96 hours to pay the ransom. Victims are instructed to contact the owners of the malicious program via email. They have to send an email with the subject ‘FILE RECOVERY’ to opengates@india.com. A single encrypted file has to be attached to the message. It will be sent back to you decrypted as proof of the program’s capability. You should get a response with instructions on the payment procedure within 24-48 hours. A lot of hackers set a deadline. This gives users little time to react and look for an alternate solution. Plus, the pressure makes them anxious. You should not allow the psychological tricks to cloud your better judgment. At the end of the day, there is no guarantee that paying the ransom will solve your problems. The owners of Nuke ransomware may not provide the decryption key. Even if they do, they can leave traces from the win-locker on your PC and reactivate it in time. The only safe way to decrypt Nuke ransomware is with an anti-virus program.

How did my system get infected with Nuke ransomware?

There are a couple of ways to contact Nuke ransomware. The most common carriers for the secluded program are spam emails. The win-locker can be hidden behind an attached file, listed as an important document of some kind. Spammers often write on behalf of reliable companies and entities to mislead users. The message can talk about a letter, a delivery package, a bill, a fine, a deposit, a legal notice or another instance which concerns you. The attachment will be described as an official document on the matter. The distributors of Nuke ransomware use obfuscated Javascript files to execute the transfer of the secluded program. Opening the attachment would infect your computer on the spot. To filter spam from legitimate emails, check the contacts the sender has provided in the message.

The other way to contact Nuke ransomware is through a drive-by installation. Corrupted websites and compromised links can transmit the win-locker to your machine directly. Entering the infected domain is all it takes to initiate the download and install of the sinister program. To stay safe, do your research on unfamiliar websites before visiting them. Only follow links which are provided by reliable sources.

Nuke Ransomware Uninstall

Method 1: Restore your encrypted files using ShadowExplorer
Usually, Nuke Ransomware deletes all shadow copies, stored in your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.

1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
2. Install ShadowExplorer
3. Open ShadowExplorer and select C: drive on the left panel
4. Choose at least a month ago date from the date field
5. Navigate to the folder with encrypted files
6. Right-click on the encrypted file
7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

1. Go to Start –> All programs –> Accessories –> System tools –> System restore
2. Click “Next“
3. Choose a restore point, at least a month ago
4. Click “Next“
5. Choose Disk C: (should be selected by default)
6. Click “Next“. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above method works, you should try to recover encrypted files by using File Recovery Software. Since Nuke Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs:

1. Recuva
2. Puran File Recovery
3. Disk Drill
4. Glary Undelete