Robert Carpenter

robert@tumblerlock.io — Boulder, Colorado

Ruby CLI: Nemucod Ransomware Recovery Tool

Written: Jan, 2017

Abstract: A family member recently became a victim of this scam and asked me for help, but the decryptor available didn't look like it'd run on a mac or linux. I'm always interested in diving into some malware and bit math, so I built this ruby tool to derive the key and decrypt ransomed files.

Compiling Status: valid.

Repository: Github: robacarp/nemucod_decrypt

Since this isn't a code library, it's difficult to extract relevant code samples from the repository. One specific area of interest may be the CLI interaction classes which handle interfacing with the terminal and coordinating the algorithm execution.