How to remove Nqedrmt ransomware

Nqedrmt's ransom note:

ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!
====================================================================================================
Your files are NOT damaged! Your files are modified only. This modification is reversible.

The only 1 way to decrypt your files is to receive the private key and decryption program.

Any attempts to restore your files with the third party software will be fatal for your files!
====================================================================================================
To receive the private key and decryption program follow the instructions below:

1. Download 'Tor Browser' from https://www.torproject.org/ and install it.

2. In the 'Tor Browser' open your personal page here:

[REDACTED]

Note! This page is available via 'Tor Browser' only.
====================================================================================================
Also you can use temporary addresses on your personal page without using 'Tor Browser':

[REDACTED]

Note! There are temporary addresses! They will be available for a limited amount of time!

What is Nqedrmt ransomware

Nqedrmt ransomware is an illegal program that is a part of the Magniber ransomware family. It is known to spread through malicious websites that mimic the look of Windows Update, as well as by exploiting the flaws in the Internet Explorer browser. It is, of course, possible for it to infect computers in other ways as well – these are just the most common ones. It mainly targets people in Asian countries like China, South Korea, and Singapore.
Ransomware in general, in case you’re not familiar, is a class of viruses that generate money for the hacker through extortion. The ransomware virus, once on the victim’s computer, will encrypt all the data, and then demand ransom to decrypt it via a ransom note. The image above contains Nqedrmt’s ransom note if you’re interested in reading it. Otherwise, here’s a summary.
The ransom note is called “README.html”. It contains no important information – instead, the victim is asked to download Tor Browser and navigate to their personalized page.

Here is an example of such a page. As you can see, the hackers appear to be asking for 0.18 BTC, or 0.09 BTC if paid within first five days. Note that that these prices may change from victim to victim.
The ransom web page correctly says that 0.18 BTC is $5466 – and that’s quite a lot of money. With this guide, however, you will be able to remove Nqedrmt ransomware without paying a dime. It will be a little bit harder to decrypt .nqedrmt files, and you may not be able to recover everything – but it might be possible, too.

Scroll to top