ACSec/Observatorio
← Notas de rescate

Notas de rescate — nemty

Contactos, enlaces de pago y direcciones del atacante redactados ([redactado]).

nemty_v1.txt

---=== NEMTY PROJECT ===---
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on you computer has extension .nemty
By the way, everything is possible to restore, but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
[+] What guarantees? [+]
It's just a business. We absolutely do not care about you and your deals, except getting benefits.
If we do not do our work and liabilities - nobody will not cooperate with us.
It's not in our interests.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key.
In practise - time is much more valuable than money.
[+] How to get access on website? [+]
  1) Download and install TOR browser from this site: [redactado]
  2) Open our website: [redactado]
When you open our website, follow the instructions and you will get your files back.
Configuration file path: [snip]

nemty_v16.txt

NEMTY PROJECT V1.6
Don't worry, all your encrypted files can be restored.
It's a business, if we can't provide full decryption, other people won't trust us.
In confirmation, that we have decryption key, we can provide you test decryption.
On our website you can upload 1 encrypted picture (png,bmp,jpg,gif) and get it decrypted.
There is no way to decrypt your files without our help.
Don't trust anyone. Even your dog.
There is 1 way how to get to the website:
1) Any browser
  a) Open your browser
  b) Type this url: nemty.hk/pay
  c) Upload this note
NEMTY DECRYPTION KEY:
[snip]

nemty_v25.txt

---> NEMTY 2.5 REVENGE <---
Some (or maybe all) of your files got encryped.
We provide decryption tool if you pay a ransom.
Don't worry, if we can't help you with decrypting - other people won't trust us.
We provide test decryption, as proof that we can decrypt your data.
You have 3 month to pay (after visiting the ransom page) until decryption key will be deleted from server.
After 3 month no one, even our service can't make decryptor.
1) Web-Browser
  a) Open your browser.
   B) Open this link: [redactado]
  c) Upload this file.
  d) Follow the instructions.
2) Tor-Browser
  a) Download&Install Tor-Browser.
   B) Open Tor-Browser.
  c) Open this link : [redactado]
  d) Upload this file.
  e) Follow the instruction.
<BEGIN NEMTY KEY>
[snip]
Notas: nemty | ACSec Observatorio Ransomware