Infected with NamPoHyu Ransomware? Need to decrypt your files?
What is NamPoHyu Ransomware
Today we will talk about MegaLocker (NamPoHyu) cryptovirus, which is gaining momentum in recent times. Despite the fact that it is aimed at English-speaking users, it has already spread to the whole world. Like other analogues, NamPoHyu encrypts user files of various formats, for example, office documents, photos, video, multimedia files and so on. NamPoHyu changes the extension of these files to .NamPoHyu. Of course, after the changes are made, the files become unusable. Also, attackers create a special note file that contains information about the methods of redemption:
What happened to your files ?
All of your files were protected by a strong encryption with AES cbc-128 using NamPoHyu Virus.
What does this mean ?
This means that the structure and data within your files have been irrevocably changed,
you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.
Your unique id: 02DCED685XXXXXXXXX41863
What do I do ?
You can buy decryption for 250$.
But before you pay, you can make sure that we can really decrypt any of your files.
To do this:
1) Download and install Tor Browser ( https://www.torproject.org/download/ )
2) Open the http://qlcd3bgmyv4kvztb.onion/index.php?id=02DCED685XXXXXXXXX3C0DFD0E241863 web page in the Tor Browser and follow the instructions.
How much time do I have to pay for decryption?
You have 10 days to pay for the ransom after decrypting the test files.
The number of bitcoins for payment is fixed at the rate at the time of decryption of test files.
Keep in mind that some exchangers delay payment for 1-3 days! Also keep in mind that Bitcoin is a very volatile currency,
its rate can be both stable and change very quickly. Therefore, we recommend that you make payment within a few hours.
How to contact you?
We do not support any contact.
What are the guarantees that I can decrypt my files after paying the ransom?
Your main guarantee is the ability to decrypt test files.
This means that we can decrypt all your files after paying the ransom.
We have no reason to deceive you after receiving the ransom, since we are not barbarians and moreover it will harm our business.
How do I pay the ransom?
After decrypting the test files, you will see the amount of payment in bitcoins and a bitcoin wallet for payment.
Depending on your location, you can pay the ransom in different ways.
Use Google to find i
nformation on how to buy bitcoins in your country or use the help of more experienced friends.
Here are some links: https://buy.blockexplorer.com - payment by bank card
How can I decrypt my files?
After confirmation of payment (it usually takes 8 hours, maximum 24 hours)
you will see on this page ( http://qlcd3bgmyv4kvztb.onion/index.php?id=02DCED685XXXXXXXXX3C0DFD0E241863 ) a link to download the decryptor and your aes-key
(for this, simply re-enter (refresh) this page a day after payment)
Download the program and run it.
Attention! Disable all anti-virus programs, they can block the work of the decoder!
Copy aes-key to the appropriate field and select the folder to decrypt.
The program will scan and decrypt all encrypted files in the selected folder and its subfolders.
We recommend that you first create a test folder and copy several encrypted files into it to verify the decryption.
The note states that the user has 10 days to pay the ransom, which can reach several hundred dollars in cryptocurrency, namely in bitcoins. Also, attackers scare the user that the files will be lost forever, if not paid on time. This is a trick. You need to calm down and carefully read our instructions to remove NamPoHyu and decrypt your files.
Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. If you want to decrypt your files, please follow our instruction below or, if you have any difficulties, please contact us: firstname.lastname@example.org. We really can help to decrypt your files.
How NamPoHyu Ransomware infected your PC
In most cases, NamPoHyu comes through gaps in the user network settings. Why is this happening? The answer is very simple: users rarely use paid antiviruses; moreover, users often do not use any antivirus software or other utilities that can protect your computer. Also, keep in mind that NamPoHyu may come as an attachment to a spam mailing list or as a false update for programs and utilities installed on your PC. Below we have indicated the best ways to delete NamPoHyu and decrypt your files. Good luck!
First of all, don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will NamPoHyu Ransomware system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the NamPoHyu Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
Wipersoft – fully removes all instances of NamPoHyu Ransomware – files, folders, registry keys.
You may find more detailed information about antivirus products in our article – Top 5 Antivirus Software for Windows
Restore your files using shadow copies
- Download and run Stellar Data Recovery.
- Select type of files you want to restore and click Next.
- Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
- Once the scanning process is done, click Recover to restore your files.
Step 2: Remove following files and folders of NamPoHyu Ransomware:
Related connections or other entries:
How to decrypt files infected by NamPoHyu Ransomware?
You can try to use manual methods to restore and decrypt your files.
Decrypt files manually
Restore the system using System Restore
Although latest versions of NamPoHyu Ransomware remove system restore files, this method may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
Written by Rami Duafi