Nemty Revenge 2.0 ransomware (Free Guide) - Decryption Steps Included

Nemty Revenge 2.0 virus Removal Guide

What is Nemty Revenge 2.0 ransomware?

Nemty Revenge 2.0 ransomware is the virus coming from another strain of cryptovirus and naming itself in the ransom note text file

Nemty Revenge 2.0 ransomwareNemty Revenge 2.0 ransomware is the threat that focuses on file-locking because it is an easy way to make money. Nemty Revenge 2.0 ransomware is the version of the malicious file-locking virus that may this time be updated. Previously this family was known for having some flaws in the coding and other features, so it is believed that this “Revenge” version comes fixed and probably even more dangerous, as researchers like Michael Gillespie[1] who reported this threat, might speculate. He reports that the first “_' got removed from the traditional file marker and ransom note name used by Nemty ransomware, but this version as the previous ones have a pattern for file extensions that involve the name of this ransomware and particular identification key that gets developed for each victim separately. A similar pattern is used to name the ransom note file that is placed in various folders and on the desktop with instructions for payments and contact information.

Although Nemty Revenge 2.0 ransomware virus creators claim to have the decryption key and that the only solution for you is to contact them via, email addresses, you shouldn't even think about paying these crooks. There is a huge possibility that the decryption key is not going to reach you even when the ransom is transferred to the wallet of criminals.[2]

Name Nemty Revenge 2.0 ransomware
Family Nemty ransomware
File marker .NEMTY_[victim's ID]
Ransom message NEMTY_[victim's ID]-DECRYPT.txt is dropped on the desktop and in various folders containing the further instructions, contact information, and a convincing note that encourages people to send one file for test decryption or even go further and pay the ransom
Distribution Macro virus-infected email attachments deliver a malicious script and directly drops the payload of ransomware on the machine without users' knowledge. Once the content is enabled as asked and malware gets on the system encryption starts, and in a matter of minutes your files become locked
Contact emails,
Elimination The best Nemty Revenge 2.0 ransomware removal tool is an anti-malware program that can thoroughly scan the machine to find all malware-related files or programs
Tips for system data repair Nemty Revenge 2.0 virus can affect various directories, system files, and even disable some functions of the OS. You should get FortectIntego because it might indicate those corrupted parts or data, and even fix the damage as a system repair application

Nemty Revenge 2.0 ransomware is the version of the already known Nemty virus that was relying on various techniques and additional payloads or scheduled system bugs. This version is not investigated in-depth yet due to lack of malware samples, but it is possible that the virus employs one fo these encryption algorithms: AES-128, RSA-2048, RSA-8192.

Of course, the malware can be altered or even written in a different manner, so the version depends on a particular sample of Nemty Revenge 2.0 ransomware. However, there are some features common for many cryptovirus strains, and this family especially:

  • additional installations of trojans, malware, programs, files;
  • changes in system settings or folders;
  • collecting data from the system directly like usernames, OS type, name of the device, identification key.

All these symptoms cannot be noticed by the victim because the only easily visible feature of the Nemty Revenge 2.0 ransomware is encryption when files get locked and made useless, marked with a personalized appendix. Once that is done virus delivers its ransom demanding message with a text file that shows the following:


Don't worry, some of your files have extension .NEMTY_AZW1EKL and they are encrypted.
But you can return them!

In confirmatiom, that we have private decryption key,
We can provide test decryption for 1 file (png,jpg,bmp,gif).
It's a business, if we can't provide full decryption, other people won't trust us.

There is no way to decrypt your files without our help.
Don't trust anyone. Even your dog.

main mail:
if no answer:

Don't change decryption key below!!!


It may seem that developers of the ransomware are offering you test decryption to ensure that data will get recovered after the payment. However, these people are faking the trust and trying to trick you on purpose, but you need to remove Nemty Revenge 2.0 ransomware instead of contacting them or even considering paying the demanded amount. The ransom can go up to thousands of dollars in Bitcoin.

Nemty Revenge 2.0 ransomware virusNemty Revenge 2.0 ransomware is a cryptovirus that delivers a ransom note in a text file with some test decryption suggestions and other claims that should be convincing for the victim. Although this is the version of Nemty, the recently released decryption tool is probably not going to help you with all the files affected by the new Nemty Revenge 2.0 ransomware version. The best and the most secure way to recover your files after such an instance is to replace the affected data with copies from data backups.

However, people who get affected by such threats don't have such file storing habits. There are additional methods like third-party programs designed to recover encrypted or deleted data. Remember to perform a thorough Nemty Revenge 2.0 ransomware removal before you add anything new to the machine.

Ransomware developers typically don't care for their victims, so you shouldn't try to get the decryption key from them. Even when you don't have those proper tools for file recovery it is safer to terminate the threat and clean the machine further from all the damage. When you terminate Nemty Revenge 2.0 ransomware as soon as possible it prevents additional encryption, permanent damage to the system. Rely on anti-malware tools, and you can achieve the best results, prepare a secure foundation for restoring the data.

Since Nemty Revenge 2.0 ransomware affects system functions, registry entries, other files, and programs needed for the future usage of the device, you should further clean or even repair those Windows files, registry keys, and files in directories. FortectIntego might help you with that.

Nemty Revenge 2.0 virusNemty Revenge 2.0 is the ransomware that activates various processes in the background and makes the system running slower than before. File-locking is not the only malicious feature.

Hackers rely on different techniques to infect machines

The most common techniques of malware distribution involve either infected files or impersonating services, companies that people know. Often people believe the phishing message, scam tactics, and fall for the trick. Email messages mainly have hacker-created sites as hyperlinks or macro-filled documents as attachments, so people easily get tricked into opening and visiting the content.

Hackers impersonate shipping services, shopping sites, providers, so the email claiming about financial information or order details seem safe and legitimate enough. However, this main technique used to drop malicious files on users' devices is especially noted by security experts[3] as a serious issue that people overlook.

Infected files get created when virus installation code gets embedded into a common type file like document or PDF, database, presentation. Once that file gets downloaded and opened on the machine the window suggests enabling the additional content, and one click of the button allows the launch of malware code. You should pay more attention to suspicious emails and try to clean the email box more often.

Restore files after the thorough Nemty Revenge 2.0 virus elimination

When dealing with any cyber threat, especially malware involving money and extortion like Nemty Revenge 2.0 ransomware virus, you need to get help from specialists. This doesn't mean that you need to get a person to remove the virus, but it means help from professional security tools.

The best Nemty Revenge 2.0 ransomware removal results can be achieved with proper anti-malware tools designed to fight viruses and developed by cybersecurity researchers. AV programs are based on different virus databases, so detection names listed on those results can differ.[4] You shouldn't worry about the particular malware name and delete all indicated threats.

Remember that it is not enough to remove Nemty Revenge 2.0 ransomware because during the malware termination your files remain encrypted, and all the virus damage is not fixed. To tackle virus damage and possibly fix system issues, you can try FortectIntego, SpyHunter 5Combo Cleaner, or Malwarebytes. As for decryption options or data recovery, look for methods below or rely on the third-party program.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Nemty Revenge 2.0 virus. Follow these steps

Manual removal using Safe Mode

Reboot the machine in Safe Mode with Networking and run the AV tool to remove Nemty Revenge 2.0 ransomware then, to achieve the best results

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Nemty Revenge 2.0 using System Restore

System Restore feature is one of those functions that Windows operating system itself can provide when dealing with ransomware

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Nemty Revenge 2.0. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Nemty Revenge 2.0 removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Nemty Revenge 2.0 from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Nemty Revenge 2.0, you can use several methods to restore them:

Data Recovery Pro is the program that can help with affected files

When you don't have backups that can help with encrypted data, you can remove Nemty Revenge 2.0 ransomware and rely on Data Recovery Pro

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Nemty Revenge 2.0 ransomware;
  • Restore them.

Try Windows Previous Versions for your encoded data

When System Restore feature gets enabled, you can recover files individually using Windows Previous Versions

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer is a helpful method capable of recovering encrypted files

When Nemty Revenge 2.0 ransomware is not affecting Shadow Volume Copies, you can use them to restore encoded data

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

There are no decryption tools for Nemty Revenge 2.0 ransomware

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Nemty Revenge 2.0 and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.


Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 


About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions