Ransomware .Nakw Decrypt!

Mortymoose

Mortymoose

Honorary Master
Joined
May 26, 2013
Messages
13,616
Reaction score
11,760
Location
In the Namibian desert...
So quick question seeing as I am not enlightened as most of you out there,

A mate (It's always someone else) got his files(photographs) on his WD Nas drive encrypted with the .Nakw ransomware and he has the traditional message that tells him to pay x amount to some obscure account in order to receive a key to decrypt his files....

He is at his wits end....

/Enter moose

Are the files themselves individually decrypted now or is the OS that accesses them causing them to be decrypted?

I was wondering if I placed the NAS drive into an external enclosure and plugged that into a standalone LiNUxmInT OS would I be able to recover his files?

What say ye? Enlighten the uneducated one's

I thank you...

:sneaky:
 
ghostim said:
You are farked
malwaretips.com

How to remove NAKW ransomware (Virus Removal Guide)

If you cannot open your images, documents, or files and they have a ".nakw" extension, then your computer is infected with the STOP/DJVU ransomware. The STOP/DJVU ransomware encrypts the personal documents found on the victim's
malwaretips.com malwaretips.com
Click to expand...

:eek::D:D I ain't , my mate is....

If the files are decrypted, then opening them in Linux will solve nada, they will still be displayed as a decrypted file, even those this form of ransomware only works on Windows machines... ?
 
Mortymoose said:
His files got encrypted without his knowledge, he now has to pay U$980 to receive a decrypter to "unlock" his files....
Click to expand...

It got encrypted because he clicked on things he shouldn't have. Try the decryptors as suggested by bio, but you will have little chance without the known key unless it is an older type method applied in encrypting the data which dumps a local key in one shape or the other and decryptors usually have access to known keys which has been discovered.

Alternatively, which is a long-shot, is to wait until the ransomware developer drops their keys publicly online which have been done several times now. Ransomeware evolves, new variants are introduced close to daily.

Just to add, here is a list with more decryptors, which doesn't necessarily apply to this case:

www.nomoreransom.org

Decryption Tools | The No More Ransom Project

IMPORTANT! Before downloading and starting the solution, read the how-to guide. Make sure you remove the malware from your system first, otherwise it will repeatedly lock your system or encrypt files. Any reliable antivirus solution can do this for you.
www.nomoreransom.org www.nomoreransom.org

however, do have a look at this decryptor,

www.emsisoft.com

STOP Djvu decryptor

Free STOP Djvu ransomware decryptor by Emsisoft. Unlock your files without paying the ransom.
www.emsisoft.com

which should be included with bio's second link.
 
Sigh! Plugged my mates drive into a Linux machine, can see all the files,but all have the extension .nakw at the end,
One cannot just rename and I have now taken one single file and placed it onto a usb drive. Assuming that the file alone cannot 'spread" as it is only an encrypted file, I am going to plug the usb into a W10 machine and runt he various decryptors on the single file only....
 
Enjoy these little challenges .....

File: F:\MORTYMOOSE\2160x1920px-wallpaper-10732086.jpg.nakw
Error: Unable to decrypt file with ID: rXQMu5EV290dxqQTl6sPkKUasxNd5LJwnVNvUit1

Finished!
Click to expand...

Not working with emisoft, Next....
 
working for a resturant group and we use pilot, every branch of ours has been hit by a ransomware attacked last night into this morning, seems to have come via the Pilot POS setup though, as the branches are not in connection with one another even.
Its called 45I01ypsn
The pilot call center was at caller waiting 100+ earlier
 
under_sky said:
working for a resturant group and we use pilot, every branch of ours has been hit by a ransomware attacked last night into this morning, seems to have come via the Pilot POS setup though, as the branches are not in connection with one another even.
Its called 45I01ypsn
The pilot call center was at caller waiting 100+ earlier
Click to expand...

Was Spur able to recover from this?
 
Apogee said:
Was Spur able to recover from this?
Click to expand...
dont look after spur so i cant comment, my group is all fine business is going on as usual, but all previous documents that staff saved on the PC's IE cashups etc are gone. Luckly those get backed up weekly so only a week to two was lost.
Moving them to the cloud now so no more kak like this
 
Do you have access to a file in it's encrypted and unencrypted state, maybe something he downloaded or saved from email?
 
What ever happened to OP's friends .naked ( err .nakw) files ?
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X