Nury ransomware is one of the most recent file-encrypting malware infections to come from the notorious Djvu/STOP ransomware family. It’s also known as .nury malware because it adds .nury to all files it encrypts. It mainly targets personal files, and once they’ve been encrypted, you will not be able to open them. The malicious actors will try to sell you a decryptor for $980 but before you pay, you should take into account all the risks that come with engaging with cyber criminals. They will demand $980 for the decryptor.


Nury ransomware note


Personal files, such as photos, videos, and documents are the primary targets of ransomware. It will be obvious which files have been encrypted because they will have a .nury extension. Text.txt, for instance, would become text.txt.nury when encrypted. You cannot open files with this extension unless you first use a decryptor on them. However, the decryptor is in the hands of malware operators, and they won’t just give it to you. Instructions on how to obtain it are provided in the _readme.txt ransom note that can be found in every folder containing encrypted files.

Nury ransomware files

The Nury ransomware decryptor costs $980, according to the ransom note. Furthermore, victims who get in touch with cyber criminals within the first 72 hours will supposedly receive a 50% discount. Regardless of whether that is actually true or not, it is never recommended to pay the ransom or interact with malicious actors. You are dealing with cyber criminals, therefore there is no guarantee that you will get a decryptor even if you pay the ransom. Even if they receive a payment, malware developers are unlikely to feel obligated to assist victims. Also, keep in mind that the money obtained through victim payments will be used to finance other malicious activities.

A free Nury ransomware decryptor is, unfortunately, not currently available, so victims without backups won’t be able to recover their files for free. The ransomware versions of the Djvu/STOP family encrypt files using online keys. That essentially means that the keys are unique to each victim. Without malware developers releasing victims’ encryption keys, it seems unlikely that a free Nury ransomware decryptor will be released. These keys might eventually be made public, though, if cyber criminals choose to shut down their operations.

You should proceed with extreme caution when searching for a free Nury ransomware decryptor because there are many fake decryptors. More malware could be downloaded if you download the wrong decryptor. For decryptors, pick trustworthy sources like NoMoreRansom. If it’s not available on NoMoreRansom, a decryptor probably isn’t available.

If you have a backup of your data, you can start restoring files as soon as you remove Nury ransomware. We advise against attempting to manually delete Nury ransomware unless you are completely confident in your abilities. The procedure can be fairly complicated, and doing something wrong could result in more harm to your computer. It’s much safer to use anti-virus software.

How did Nury ransomware infect your computer?

If you have bad online habits, you’re more likely to encounter malware. Users are considerably more likely to come across malware infections like ransomware if they open unsolicited email attachments without double-checking them, use torrents to get pirated content, click on random links, etc.

Malware is routinely distributed by cyber criminals through email attachments. They purchase tens of thousands of email addresses from hacker forums for their malicious email campaigns, after which they attach harmful files to emails. When those files are opened, the infection can initiate. These emails are usually quite generic, which makes them easy to identify. The most glaring red flag is grammar and spelling mistakes in emails supposedly sent by legitimate companies. The errors are very obvious because malicious senders frequently assume the identities of employees of trustworthy companies. Legitimate emails written by companies will rarely contain errors since they appear unprofessional.

Another warning sign is when you receive emails supposedly from a company whose services you use and it addresses you as  “User”, “Member”, and “Customer” rather than using your name. In order to make the emails appear more personal, companies automatically insert customers’ names into their emails. However, as malicious actors frequently target large numbers of users at the same time and lack access to personal information about them, they use generic words.

Threat actors would generate considerably more sophisticated malicious emails if they were to target a specific individual and had access to some of their personal data. These emails would use names to address recipients, be error-free, and include information that would give the email legitimacy. Therefore, before opening any unsolicited email attachments, it is strongly advised to scan them with anti-virus software like VirusTotal.

Lastly, torrents are regularly used to spread malware. Torrent websites are frequently poorly monitored, thus criminal actors can upload files that contain malware. Using torrents to download copyrighted content for free significantly increases your risk of encountering malware infections. The majority of malware is frequently found in entertainment-related torrents, notably those for video games, TV shows, and movies. It is technically theft to use torrents to download copyrighted content, not to mention it is dangerous for your data/computer.

How to remove Nury ransomware

Because ransomware is a very complex infection, it is not advised to try to remove Nury ransomware manually. If you don’t know what you’re doing, you can end up damaging your computer further. It’s a difficult process that should be left to professionals. It is far safer to delete Nury ransomware with anti-virus software. Once the ransomware has been completely eliminated from the computer, you may access your backup and start restoring your files.

If you do not have files stored in a backup, your only option is to wait for a free Nury ransomware decryptor to be released. However, there is no guarantee that it will ever be released. While you wait for a decryptor to be made available, it’s recommended to back up your encrypted files.

Nury ransomware is detected as:

  • Win32:PWSX-gen [Trj] by Avast/AVG
  • Trojan.MalPack.GS by Malwarebytes
  • VHO:Trojan.Win32.Injuke.gen by Kaspersky
  • Trojan:Win32/Sabsik.FL.B!ml by Microsoft

Nury ransomware detections

Quick Menu

Step 1. Delete Nury ransomware using Safe Mode with Networking.

Remove Nury ransomware from Windows 7/Windows Vista/Windows XP
  1. Click on Start and select Shutdown.
  2. Choose Restart and click OK. Windows 7 - restart
  3. Start tapping F8 when your PC starts loading.
  4. Under Advanced Boot Options, choose Safe Mode with Networking. Remove Nury ransomware - boot options
  5. Open your browser and download the anti-malware utility.
  6. Use the utility to remove Nury ransomware
Remove Nury ransomware from Windows 8/Windows 10
  1. On the Windows login screen, press the Power button.
  2. Tap and hold Shift and select Restart. Windows 10 - restart
  3. Go to Troubleshoot → Advanced options → Start Settings.
  4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings. Win 10 Boot Options
  5. Click Restart.
  6. Open your web browser and download the malware remover.
  7. Use the software to delete Nury ransomware

Step 2. Restore Your Files using System Restore

Delete Nury ransomware from Windows 7/Windows Vista/Windows XP
  1. Click Start and choose Shutdown.
  2. Select Restart and OK Windows 7 - restart
  3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options
  4. Choose Command Prompt from the list. Windows boot menu - command prompt
  5. Type in cd restore and tap Enter. Uninstall Nury ransomware - command prompt restore
  6. Type in rstrui.exe and press Enter. Delete Nury ransomware - command prompt restore execute
  7. Click Next in the new window and select the restore point prior to the infection. Nury ransomware - restore point
  8. Click Next again and click Yes to begin the system restore. Nury ransomware removal - restore message
Delete Nury ransomware from Windows 8/Windows 10
  1. Click the Power button on the Windows login screen.
  2. Press and hold Shift and click Restart. Windows 10 - restart
  3. Choose Troubleshoot and go to Advanced options.
  4. Select Command Prompt and click Restart. Win 10 command prompt
  5. In Command Prompt, input cd restore and tap Enter. Uninstall Nury ransomware - command prompt restore
  6. Type in rstrui.exe and tap Enter again. Delete Nury ransomware - command prompt restore execute
  7. Click Next in the new System Restore window. Get rid of Nury ransomware - restore init
  8. Choose the restore point prior to the infection. Nury ransomware - restore point
  9. Click Next and then click Yes to restore your system. Nury ransomware removal - restore message


More information about WiperSoft and Uninstall Instructions. Please review WiperSoft EULA and Privacy Policy. WiperSoft scanner is free. If it detects a malware, purchase its full version to remove it.

  • wipersoft

    WiperSoft Review Details WiperSoft ( is a security tool that provides real-time security from potential threats. Nowadays, many users tend to download free software from the Intern ...

  • mackeeper

    Is MacKeeper a virus? MacKeeper is not a virus, nor is it a scam. While there are various opinions about the program on the Internet, a lot of the people who so notoriously hate the program have neve ...

  • malwarebytes-logo2

    While the creators of MalwareBytes anti-malware have not been in this business for long time, they make up for it with their enthusiastic approach. Statistic from such websites like CNET shows that th ...


Site Disclaimer is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply