Jump to content

Conti Ransomware - Files encrypted. NUEHE


Recommended Posts

Yesterday and just before 6am, a trojan deployed it's program and managed to encrypt most of my system. (strangely, no files older than 2018)

The extensions of these files are : NUEHE.

 

There's a readme in each folder that reads:

 

Quote

All of your files are currently encrypted by CONTI strain. 

As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. 
If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value.

To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of charge.

You can contact our team directly for further instructions through our website :

TOR VERSION :
(you should download and install TOR browser first https://torproject.org)

http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/

HTTPS VERSION :
https://contirecovery.top/

YOU SHOULD BE AWARE!
Just in case, if you try to ignore us. We've downloaded a pack of your internal data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us as soon as possible.


---BEGIN ID---
anh89q32QF6NT0guQaHEabBGHd7k67XYw7Blzw4CRfdtuivq7XVAcIR46EmCGE9c
---END ID---

As far as I can tell, the payload file is gone having been removed by Malwarebytes (once I reinstalled it as  MWB was deleted from my system)

At this point I'm looking for a decryptor.  

I understand that this is a new one as Google has little information about it.  It being the "NUEHE" variant.

Does anyone have suggestions as to how I can decrypt these files?  My usual method of this isn't coming up zero (Kaspersky et al)

 

TIA.

 

Link to post
Share on other sites

1 hour ago, ursan said:

At this point I'm looking for a decryptor.  

I understand that this is a new one as Google has little information about it.  It being the "NUEHE" variant.

Does anyone have suggestions as to how I can decrypt these files?  My usual method of this isn't coming up zero (Kaspersky et al)

The following will be your best bet.

Ransomware Help & Tech Support at Bleeping Computer
https://www.bleepingcomputer.com/forums/f/239/ransomware-help-tech-support/

Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.