MegaLocker - NamPoHyu Virus (.crypted, .NamPoHyu, !DECRYPT_INSTRUCTION.TXT)


173 replies to this topic

#121 SenselessHat


Posted 09 May 2019 - 01:39 PM

@NamVsePoHyuTeam

It's very interesting reading your story and some of your background. I can easily understand family comes first!

It must be a desperate act ruining people's private data. Even if this just is via the interwebs and you never get to meet the people, if it's not improper to ask, how does it make you feel? Maybe stupid question, do you ever feel pity for someone? Just like what you did to that guy earlier, it shows that you are not just a barbarian!

I have to say the ransom note is kind of friendly, if we ignore the fact that you are extorting money  :wink:

Do you care to tell us how much you've earned with this attack? How many persons or companies have paid the ransom?

Do you know how many servers you have encrypted, or even files or folders?

I'm not judging or pointing fingers, just so you know! I'm genuinely interested!  :graduate: I have met and spoken to many unfortunate people through my life. Everyone has a story!

I'm not angry with you. I cried my eyes out for a couple of days. I have almost never deleted a single file for 15 years, I feel like my whole life was on that server (family photos, projects I never finished and so on). I had just bought some used server disks and found a rack-server in a dumpster, and was finally done sorting all my stuff. The very next step was a backup system, I just had to save up some money. I was aware of the risk if one of the disks failed, but I couldn't imagine getting all my stuff encrypted!

But somehow I kind of got over it and thinking that I could wait 15-20 years before hopefully having a strong enough computer to brute force the encryption.

But as I said earlier in this thread: Boy did I learn something, and I will use that knowledge in the future! So in a way, maybe I should say thank you for opening my eyes?

Sorry for me rambling about, I know this adds no value to the thread whatsoever...!





#122 Injuneer


Posted 09 May 2019 - 08:24 PM

I find it extremely humorous.
This guy is a putz.
He's a script kiddie.  I'm surprised he was able to impregnate someone.  At least Darwin's theory will likely prevail.  
I am thankful that pieces of crap like this guy continually prove to the world how we are not to pity such scum.
Besides, it's more likely that his wife is a whore and his children have several different fathers, just like his mom.
Again, I do thank you though for exposing the security hole I had, even though it caused about 1% inconvenience, I can assure you it cost far more effort for you to do this than it did for me to fix it.  LOL
Putz.



#123 NamVsePoHyuTeam


Posted 10 May 2019 - 01:24 AM

Rest assured, my children are brave and strong. They are better than I am. I am sure they will trample Europe and teach you a third lesson; your memory is short.



#124 weroloco21


Posted 10 May 2019 - 01:44 AM

 

 

At first I did not quite understand what you wrote. So, I'll rather break in my belly, gobble up my gut, wrap my guts around and hang on the first tree I find, than work for the American government. My children, thanks to their mothers, won't even remember about me. Do not make me angry sir.

By no means I would want to offend you. Also if you are ready help me what should I do?

Write to me at the known address; for your persistence you deserve decryption.

I already messaged you



#125 gdaudin


Posted 11 May 2019 - 10:21 AM

Thank you Demonslay335 ! 

 

1.0.0.2 did the trick.

 

Cheers,

 

Guillaume



#126 ushioetora


Posted 11 May 2019 - 10:23 AM

How to activate Bruteforcer option?


Edited by ushioetora, 11 May 2019 - 10:34 AM.


#127 AjayKool


Posted 11 May 2019 - 01:08 PM

My NAS was affected by this too. I have tried running Mega Locker and it can't find the decrypter

 

https://id-ransomware.malwarehunterteam.com/identify.php?case=cbf449704d0474147ec86721bcceb7a4dda495dc



#128 stromdriver


Posted 11 May 2019 - 01:52 PM

there's a new version?
 

Thank you Demonslay335 ! 

 

1.0.0.2 did the trick.

 

Cheers,

 

Guillaume



#129 AjayKool


Posted 11 May 2019 - 04:44 PM

1.0.0.2 Does not work for me. I will have to wait. 

 

there's a new version?
 

Thank you Demonslay335 ! 

 

1.0.0.2 did the trick.

 

Cheers,

 

Guillaume

 



#130 willy_013


Posted 11 May 2019 - 06:32 PM

1.0.0.2 Does not work for me either. I will wait for another update.

Thanks @Demonslay335 for all your time and efforts to help us.

#131 ushioetora


Posted 12 May 2019 - 01:05 AM

1.0.0.2 Does not work for me either. I will wait for another update.

Thanks @Demonslay335 for all your time and efforts to help us.


Same to me...

#132 gregfctc


Posted 13 May 2019 - 11:04 AM

1.0.0.2 Does not work for me either. I will wait for another update.

Thanks @Demonslay335 for all your time and efforts to help us.

 

Not working for me either.  Date of infection 4/30/19.  Thanks @Demonslay335, keep up the good fight.



#133 Akira1979


Posted 18 May 2019 - 10:55 AM

Hi Everyone,

All my files on NAS were crypted on 27/01/2019, been unable to load/install the decrypter software by Emsisoft.  I have run Windows in admin, safe mode with and without network with no luck.

I have AVG and Emsisoft anti virus software running too which I have shut off to install the decrypter.

All files are video.

----------------------------------------------------------------------

So after using another laptop, I was able to load/install the decrypter but I get a pop up box saying "Key not Found - Unfortunately, we were unable to find a key to decrypt your files."

Can anyone help? Or have any idea what's going on?


Edited by Akira1979, 18 May 2019 - 12:49 PM.


#134 Akira1979


Posted 18 May 2019 - 01:13 PM

 

@all

 

If the decrypter "does not work" for your files, you need to send me your ransom note and a few of such encrypted files, I can't just blindly help...

 

I'm afraid I cannot work around the network drives automatically, it has to do with the EnableLinkedConnections registry flag. By default, Windows separates network drives of your local user account, and the administrator that the decrypter has to run as (when you accept the UAC prompt). You can either copy the files to something else like a flash drive as suggested, or make the following registry tweak and reboot (under "More Information"): https://support.microsoft.com/en-us/help/3035277/mapped-drives-are-not-available-from-an-elevated-prompt-when-uac-is-co

i got the unable to find key as well, here is a rar of the instructions and a couple images from one of the folders, i was attacked last saturday 4/27

also, in some folders there are files that don't have the .nampohyu extension but are not viewable/openable, guessing they're still encrypted but didn't get renamed for some reason?

 

 

 

Stromdriver, did you manage to decrypt your files? As my files were crypted on the same day as yours.

 

please let me know if you can.

 

thank you



#135 stromdriver


Posted 18 May 2019 - 04:08 PM

 

 

@all

 

If the decrypter "does not work" for your files, you need to send me your ransom note and a few of such encrypted files, I can't just blindly help...

 

I'm afraid I cannot work around the network drives automatically, it has to do with the EnableLinkedConnections registry flag. By default, Windows separates network drives of your local user account, and the administrator that the decrypter has to run as (when you accept the UAC prompt). You can either copy the files to something else like a flash drive as suggested, or make the following registry tweak and reboot (under "More Information"): https://support.microsoft.com/en-us/help/3035277/mapped-drives-are-not-available-from-an-elevated-prompt-when-uac-is-co

i got the unable to find key as well, here is a rar of the instructions and a couple images from one of the folders, i was attacked last saturday 4/27

also, in some folders there are files that don't have the .nampohyu extension but are not viewable/openable, guessing they're still encrypted but didn't get renamed for some reason?

 

 

 

Stromdriver, did you manage to decrypt your files? As my files were crypted on the same day as yours.

 

please let me know if you can.

 

thank you

 

no i haven't, waiting to see if they come out with a new version with more keys
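
An added example, not part of any post in this thread: a PowerShell sketch for checking and toggling the EnableLinkedConnections value mentioned in the quoted advice above, so an elevated decrypter can see mapped NAS drives. The registry path is the one given in the linked Microsoft article, not in the posts; the function names are hypothetical.

```powershell
# Added example. Run from an elevated PowerShell prompt; reboot after changing the value.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'EnableLinkedConnections'

function Get-LinkedConnectionsState {
    # Returns 'NotSet', 'Enabled' (1) or 'Disabled' (any other value).
    $prop = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'NotSet' }
    if ($prop.$ValueName -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Set-LinkedConnections {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][bool]$Enabled)

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Writing under HKLM requires an elevated prompt.'
    }
    if ($Enabled) {
        if ($PSCmdlet.ShouldProcess("$PolicyKey\$ValueName", 'Set DWORD to 1')) {
            New-ItemProperty -Path $PolicyKey -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
        }
    } elseif ((Get-LinkedConnectionsState) -ne 'NotSet') {
        if ($PSCmdlet.ShouldProcess("$PolicyKey\$ValueName", 'Remove value')) {
            Remove-ItemProperty -Path $PolicyKey -Name $ValueName
        }
    }
    Get-LinkedConnectionsState
}

function Get-PersistentMappedDrive {
    # Persistent mappings of the current user are stored under HKCU:\Network\<letter>.
    Get-ChildItem -Path 'HKCU:\Network' -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Drive      = "$($_.PSChildName):"
            RemotePath = (Get-ItemProperty -Path $_.PSPath).RemotePath
        }
    }
}

Get-LinkedConnectionsState
Get-PersistentMappedDrive | Format-Table -AutoSize
# Set-LinkedConnections -Enabled $true -WhatIf   # preview the change
# Set-LinkedConnections -Enabled $true           # apply, then reboot
# Set-LinkedConnections -Enabled $false          # revert once the files are recovered
```

With the value set, elevated processes share the user's mapped network drives, so reverting it after decryption restores the default separation between the standard and elevated sessions.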





