Nemucod Ransomware


Nemucod is a type of ransomware – malicious software, which has been circulating the web for over two decades now. At first it was only around in Russia, but now it’s more or less everywhere and can infect anyone. Unfortunately, it’s only growing in popularity and the reason for this is largely the crypto currency Bitcoin.

Bitcoins are practically untraceable and the hackers behind Nemucod and others like it have learned to request the ransom for the encryption keys, which you need for accessing your files, in Bitcoins. This makes them more or less unstoppable; otherwise they’d be doing time in prison and wouldn’t be messing with other people’s computers.

If you’ve been infected by Nemucod, you probably already found out about it from a disturbing message on your screen, which let you know exactly just how deep trouble you’re in. Never fear, however, we’re here to help and have designed a guide, which will instruct you to remove this pesky virus from your computer. Keep in mind that removing it won’t restore your files, but we might have got that covered too, as you’ll see if you keep reading.

How exactly Nemucod operates and how it gets into your PC

Let’s start from that last part. The majority of instances of ransomware infection occur via email. Most likely you were sent an email with some attachment or a hyperlink, which when you opened unleashed hell onto your system. Inside there was a Trojan horse, which downloaded – without asking for your permission or acknowledgement – Nemucod onto your PC. There. Once that’s been done, it will go about encrypting your files, going completely unnoticed and then prompting the aforementioned message with the ransom note. Depending on how powerful your processor is and the amount of data stored, you do however stand a chance at catching Nemucod ‘in the deed’. You might notice that your computer is running unusually slow and this should send you searching your Task Manager for suspicious processes. Sort those by memory used, because this baby will be using a whole lot of RAM, and if you see it – it’s lights off. Switch off your PC right that moment and turn to a professional for help.

To pay or not to pay

Well, this one is solely up to you. We would advise you not to, because the drawbacks are more to this than there are positive aspects. Let us go over them and we can begin with the only good side to this.

Pro: You pay the ransom, they give you the encryption key, it works and you have full access to your files again. Great!

Cons: You pay the ransom amount; they don’t send you the key. Not so feisty now, right? Or here’s another one: you pay, they DO send it, and it doesn’t work for all your files. Something tells us, they’re not going to care much. And, not to be playing the moral police here, but by giving criminals money – aren’t you supporting them? And these guys are criminals, even if you can’t see them and they haven’t exactly robbed a bank or threatened to kill someone. But, like we said – it’s up to you. We can only offer you to try out the below steps first, because by the very least they will not cause further damage to your data, even if they don’t succeed in recovering all of it.

How to be safe in the future

It goes without saying that a good, proven anti-malware program must be installed and functioning on your computer. We recommend running virus checks frequently to always be sure no malware has made its way into your system. You should also avoid going to obscure websites, which might be harboring viruses and other unwanted programs. These could include, but aren’t limited to open-source download sites, for example. That being said, you should especially avoid downloading anything from websites like these, because there’s no telling what else can come bundled with your desired software or file. And, of course, be very cautious with emails you receive from unfamiliar sources. If the sender seems far too suspicious – simply don’t open the email, but if you have gone so far already, at least abstain from downloading and opening the attachment(s) and/or following the link inside, should there be one.


Name Nemucod
Type Ransomware
Detection Tool

Nemucod Ransomware Removal

Search Marquis is a high-profile hijacker – you might want to see if you’re not infected with it as well.
You can find the removal guide here.

About the author

Violet George

Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

Leave a Comment