April 14, 2015
From now on, victims of CoinVault ransomware have the opportunity to recover their data without paying criminals, thanks to a repository of decryption keys and a decryption application made available online by Kaspersky Lab and the National Crime Unit. Technology Department (NHTCU) of the Dutch police. Keys and tool can be found at noransom.kaspersky.com, along with clear instructions on how to implement them.
The CoinVault ransomware has been around for some time now, encrypting victims’ files and demanding Bitcoins to decrypt them. To help victims recover from an attack, the NHTCU and the Netherlands Office of National Prosecutors obtained a database from a CoinVault command and control server. This server contained Initialization Vectors (IVs), Keys and private Bitcoin wallets that helped Kaspersky Lab and NHTCU to create the special repository of decryption keys. As the investigation is ongoing, new keys will be added as they become available.
«If you get infected with CoinVault ransomware, please go to noransom.kaspersky.com. We have uploaded a huge number of keys to the site. In case we do not have records of a particular Bitcoin wallet, you can check again later, because in conjunction with the National High-Tech Crime Unit of the Dutch police we are constantly updating the information, “said Jornt van del Wiel, Investigator Officer of the Kaspersky Lab Global Research and Analysis Team.
If a computer has been infected with CoinVault, an image like this will appear on the screen:
CoinVault has infected more than 1,000 Windows operating system machines in more than 20 countries, with the majority of victims in the Netherlands, Germany, the United States, France, and the United Kingdom. Victims have also been recorded in Belgium, Austria, Switzerland, Norway, Sweden, Luxembourg, Denmark, Slovakia, Slovenia, Spain, Italy, Hungary, Ireland, Croatia, Russia, Canada, Israel, United Arab Emirates, China, Indonesia, Thailand, South Africa, Australia, New Zealand, Argentina, Panama, the Dominican Republic, and in Mexico.
“Today, many believe that fighting cybercrime requires public-private partnerships. We do so. Talk to your partners, identify how they can help each other to achieve a mutual goal: to help in cybersecurity, ”explains Marijn Schuurbiers from the Dutch Police High-Tech Crime Team.
Kaspersky Lab security experts also analyzed the malware samples and designed and built a decryption tool that can unlock files and erase the CoinVault malware from infected computers.
[+] Videos de nuestro canal de YouTube