NamPoHyu ransomware on my network drive

[rjevansuk]

Hi 

I've just discovered that some of my files on my NAS drive have been infected with a ransomware virus called NamPoHyu.

it has put a file in every folder !!!CHEKYSHKA_DECRYPT_README>TXT

"All your files have been encrypted.

Your unique id: A3663CED1B824F259C8F95D020755DAA

You can buy decryption for 350$ in Bitcoins.
But before you pay, you can make sure that we can really decrypt any of your files.
The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.

To do this:
1) Download and install Tor Browser ( https://www.torproject.org/download/ )
2) Open the y7c5bdswtvcfbb2c6waotudyrwhvetxt5xzdkq5hyxnd7clpc3dernqd.onion web page in the Tor Browser and follow the instructions."

 

All of the files now have an extension .nampohyu. Fortunately there is nothing important on this drive but I would like to remove the virus and make this drive safe.

Any suggestions?

 

[Maurice Naggar]

Hi, 

My name is Maurice.

Bleepingcomputer is a trusted source & a store-house of information about ransomwares.

Please see https://www.bleepingcomputer.com/news/security/decryptor-for-megalocker-and-nampohyu-virus-ransomware-released/

 

Malwarebytes has no decrypter for any variant of ransomware.

Please know that ransomwares delete themselves after doing their deed.

They also would have deleted all System Restore points and disabled the Windows System Restore service.

Ditto for the Volume Shadow copy service.

 

Note:  You can upload a copy of the ransom note file to https://id-ransomware.malwarehunterteam.com/

for a analysis of the variant of ransomware.   That site can help in identifying the variant.