NamPoHyu ransomware on my network drive

I've just discovered that some of my files on my NAS drive have been infected with a ransomware virus called NamPoHyu.

It has put a file in every folder: !!!CHEKYSHKA_DECRYPT_README.TXT

"All your files have been encrypted.

Your unique id: A3663CED1B824F259C8F95D020755DAA

You can buy decryption for 350$ in Bitcoins.
But before you pay, you can make sure that we can really decrypt any of your files.
The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.

To do this:
1) Download and install Tor Browser ( https://www.torproject.org/download/ )
2) Open the y7c5bdswtvcfbb2c6waotudyrwhvetxt5xzdkq5hyxnd7clpc3dernqd.onion web page in the Tor Browser and follow the instructions."


All of the files now have an extension .nampohyu. Fortunately there is nothing important on this drive but I would like to remove the virus and make this drive safe.

Any suggestions?


My name is Maurice.

Bleepingcomputer is a trusted source & a store-house of information about ransomwares.

Please see https://www.bleepingcomputer.com/news/security/decryptor-for-megalocker-and-nampohyu-virus-ransomware-released/


Malwarebytes has no decrypter for any variant of ransomware.

Please know that ransomwares delete themselves after doing their deed.

They also would have deleted all System Restore points and disabled the Windows System Restore service.

Ditto for the Volume Shadow copy service.


Note: You can upload a copy of the ransom note file to https://id-ransomware.malwarehunterteam.com/ for an analysis of the variant of ransomware. That site can help in identifying the variant.
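An added example, not part of either post: a read-only inventory of a mounted share that counts files carrying the `.nampohyu` extension, lists the ransom notes (the file to submit to ID Ransomware) and reports the modification-time window of the encrypted files. The function names, the `DECRYPT_README` match string and the sample tree are assumptions made for illustration, and the time window assumes the malware did not reset file timestamps.

```python
import os
import sys
import tempfile
from datetime import datetime, timezone
from pathlib import Path

ENCRYPTED_SUFFIX = ".nampohyu"  # extension reported in the post
NOTE_MARKER = "DECRYPT_README"  # substring of the ransom note name in the post

def scope_damage(root):
    """Read-only walk of a mounted share: nothing is opened, renamed or deleted."""
    root = Path(root)
    encrypted, notes, untouched = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
            elif NOTE_MARKER in name.upper():
                notes.append(path)
            else:
                untouched.append(path)
    mtimes = sorted(p.lstat().st_mtime for p in encrypted)
    window = [datetime.fromtimestamp(t, timezone.utc).isoformat() for t in mtimes[:1] + mtimes[-1:]]
    return {
        "encrypted": len(encrypted),
        "untouched": len(untouched),
        "notes": sorted(p.relative_to(root).as_posix() for p in notes),
        "affected_dirs": sorted({p.parent.relative_to(root).as_posix() for p in encrypted}),
        # Assumption: the malware left mtimes alone, so first/last bracket the
        # encryption run and can be matched against the NAS access logs.
        "window_utc": window,
    }

def build_demo_share(base):
    """Constructed sample tree standing in for the NAS share."""
    sample = [("photos/a.jpg.nampohyu", 1555000000), ("photos/b.jpg.nampohyu", 1555000600),
              ("photos/!!!CHEKYSHKA_DECRYPT_README.TXT", 1555000601), ("docs/todo.txt", 1500000000)]
    for rel, mtime in sample:
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")
        os.utime(path, (mtime, mtime))
    return Path(base)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else build_demo_share(tmp)
        print(scope_damage(target))
```

Run it with the share's mount point as the only argument; with no argument it reports on the constructed sample tree.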

