NITROGEN’S ESXi ransomware has a coding fault that prevents decrypting any files after encryption, according to Coveware. The malware misuses the public key by overwriting the first four bytes of the key, which means no one actually knows the private key that pairs with the corrupted public key. Modern encryption requires both a public and a private key to unlock data, so without them, the files cannot be accessed and brute-forcing is considered practically impossible.
DataBreaches[.]Net notes that even paying for a decryptor offers no guarantees and may leave files corrupted. The post mentions that Nitrogen did not respond to enquiries via Qtox at publication, and it flags related reporting from The Register and PC Gamer as context. This example underscores why reliance on decryptors from ransomware gangs is fraught with risk, illustrating why paying ransom does not guarantee recovery and may compound damage.