Nemty Revenge 2.0 ransomware

Nemty Revenge 2.0 ransomware is the virus coming from another strain of cryptovirus and naming itself in the ransom note text file

Nemty Revenge 2.0 ransomwareNemty Revenge 2.0 ransomware is the version of the malicious file-locking virus that may this time be updated. Previously this family was known for having some flaws in the coding and other features, so it is believed that this “Revenge” version comes fixed and probably even more dangerous, as researchers like Michael Gillespie[1] who reported this threat, might speculate. He reports that the first “_’ got removed from the traditional file marker and ransom note name used by Nemty ransomware, but this version as the previous ones have a pattern for file extensions that involve the name of this ransomware and particular identification key that gets developed for each victim separately. A similar pattern is used to name the ransom note file that is placed in various folders and on the desktop with instructions for payments and contact information.

Although Nemty Revenge 2.0 ransomware virus creators claim to have the decryption key and that the only solution for you is to contact them via [email protected], [email protected] email addresses, you shouldn’t even think about paying these crooks. There is a huge possibility that the decryption key is not going to reach you even when the ransom is transferred to the wallet of criminals.[2]

Name Nemty Revenge 2.0 ransomware
Family Nemty ransomware
File marker .NEMTY_[victim’s ID]
Ransom message NEMTY_[victim’s ID]-DECRYPT.txt is dropped on the desktop and in various folders containing the further instructions, contact information, and a convincing note that encourages people to send one file for test decryption or even go further and pay the ransom
Distribution Macro virus-infected email attachments deliver a malicious script and directly drops the payload of ransomware on the machine without users’ knowledge. Once the content is enabled as asked and malware gets on the system encryption starts, and in a matter of minutes your files become locked
Contact emails [email protected], [email protected]
Elimination The best Nemty Revenge 2.0 ransomware removal tool is an anti-malware program that can thoroughly scan the machine to find all malware-related files or programs
Tips for system data repair Nemty Revenge 2.0 virus can affect various directories, system files, and even disable some functions of the OS. You should get Reimage because it might indicate those corrupted parts or data, and even fix the damage as a system repair application

Nemty Revenge 2.0 ransomware is the version of the already known Nemty virus that was relying on various techniques and additional payloads or scheduled system bugs. This version is not investigated in-depth yet due to lack of malware samples, but it is possible that the virus employs one fo these encryption algorithms: AES-128, RSA-2048, RSA-8192. 

Of course, the malware can be altered or even written in a different manner, so the version depends on a particular sample of Nemty Revenge 2.0 ransomware. However, there are some features common for many cryptovirus strains, and this family especially:

  • additional installations of trojans, malware, programs, files;
  • changes in system settings or folders;
  • collecting data from the system directly like usernames, OS type, name of the device, identification key.

All these symptoms cannot be noticed by the victim because the only easily visible feature of the Nemty Revenge 2.0 ransomware is encryption when files get locked and made useless, marked with a personalized appendix. Once that is done virus delivers its ransom demanding message with a text file that shows the following:


Don’t worry, some of your files have extension .NEMTY_AZW1EKL and they are encrypted.
But you can return them!

In confirmatiom, that we have private decryption key,
We can provide test decryption for 1 file (png,jpg,bmp,gif).
It’s a business, if we can’t provide full decryption, other people won’t trust us.

There is no way to decrypt your files without our help.
Don’t trust anyone. Even your dog.

main mail: [email protected]
if no answer: [email protected]

Don’t change decryption key below!!!


It may seem that developers of the ransomware are offering you test decryption to ensure that data will get recovered after the payment. However, these people are faking the trust and trying to trick you on purpose, but you need to remove Nemty Revenge 2.0 ransomware instead of contacting them or even considering paying the demanded amount. The ransom can go up to thousands of dollars in Bitcoin.

  Nemty Revenge 2.0 ransomware virus
Nemty Revenge 2.0 ransomware is a cryptovirus that delivers a ransom note in a text file with some test decryption suggestions and other claims that should be convincing for the victim.
Although this is the version of Nemty, the recently released decryption tool is probably not going to help you with all the files affected by the new Nemty Revenge 2.0 ransomware version. The best and the most secure way to recover your files after such an instance is to replace the affected data with copies from data backups.

However, people who get affected by such threats don’t have such file storing habits. There are additional methods like third-party programs designed to recover encrypted or deleted data. Remember to perform a thorough Nemty Revenge 2.0 ransomware removal before you add anything new to the machine.

Ransomware developers typically don’t care for their victims, so you shouldn’t try to get the decryption key from them. Even when you don’t have those proper tools for file recovery it is safer to terminate the threat and clean the machine further from all the damage. When you terminate Nemty Revenge 2.0 ransomware as soon as possible it prevents additional encryption, permanent damage to the system. Rely on anti-malware tools, and you can achieve the best results, prepare a secure foundation for restoring the data.

Since Nemty Revenge 2.0 ransomware affects system functions, registry entries, other files, and programs needed for the future usage of the device, you should further clean or even repair those Windows files, registry keys, and files in directories. Reimage might help you with that.

Nemty Revenge 2.0 virus
Nemty Revenge 2.0 is the ransomware that activates various processes in the background and makes the system running slower than before. File-locking is not the only malicious feature.

Hackers rely on different techniques to infect machines

The most common techniques of malware distribution involve either infected files or impersonating services, companies that people know. Often people believe the phishing message, scam tactics, and fall for the trick. Email messages mainly have hacker-created sites as hyperlinks or macro-filled documents as attachments, so people easily get tricked into opening and visiting the content.

Hackers impersonate shipping services, shopping sites, providers, so the email claiming about financial information or order details seem safe and legitimate enough. However, this main technique used to drop malicious files on users’ devices is especially noted by security experts[3] as a serious issue that people overlook.

Infected files get created when virus installation code gets embedded into a common type file like document or PDF, database, presentation. Once that file gets downloaded and opened on the machine the window suggests enabling the additional content, and one click of the button allows the launch of malware code. You should pay more attention to suspicious emails and try to clean the email box more often.

Restore files after the thorough Nemty Revenge 2.0 virus elimination

When dealing with any cyber threat, especially malware involving money and extortion like Nemty Revenge 2.0 ransomware virus, you need to get help from specialists. This doesn’t mean that you need to get a person to remove the virus, but it means help from professional security tools.

The best Nemty Revenge 2.0 ransomware removal results can be achieved with proper anti-malware tools designed to fight viruses and developed by cybersecurity researchers. AV programs are based on different virus databases, so detection names listed on those results can differ.[4] You shouldn’t worry about the particular malware name and delete all indicated threats.

Remember that it is not enough to remove Nemty Revenge 2.0 ransomware because during the malware termination your files remain encrypted, and all the virus damage is not fixed. To tackle virus damage and possibly fix system issues, you can try Reimage, SpyHunter 5Combo Cleaner, or Malwarebytes. As for decryption options or data recovery, look for methods below or rely on the third-party program.

Reimage is recommended to remove virus damage. Free scanner allows you to check your system for damaged and corrupted files. If you need to fix them, you may need to purchase the licensed version of Reimage.

Remove Nemty Revenge 2.0 using Safe Mode with Networking

Reboot the machine in Safe Mode with Networking and run the AV tool to remove Nemty Revenge 2.0 ransomware then, to achieve the best results

  • Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8

    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Nemty Revenge 2.0 removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Nemty Revenge 2.0 using System Restore

System Restore feature is one of those functions that Windows operating system itself can provide when dealing with ransomware

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Nemty Revenge 2.0 from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Nemty Revenge 2.0, you can use several methods to restore them:

Data Recovery Pro is the program that can help with affected files

When you don’t have backups that can help with encrypted data, you can remove Nemty Revenge 2.0 ransomware and rely on Data Recovery Pro

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Nemty Revenge 2.0 ransomware;
  • Restore them.

Try Windows Previous Versions for your encoded data

When System Restore feature gets enabled, you can recover files individually using Windows Previous Versions

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer is a helpful method capable of recovering encrypted files

When Nemty Revenge 2.0 ransomware is not affecting Shadow Volume Copies, you can use them to restore encoded data

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

There are no decryption tools for Nemty Revenge 2.0 ransomware

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Nemty Revenge 2.0 and other ransomwares, use a reputable anti-spyware, such as Reimage, SpyHunter 5Combo Cleaner or Malwarebytes

This entry was posted on 2019-11-06 at 06:43 and is filed under Ransomware, Viruses.