Dutch Police & Kaspersky: arrests over CoinVault ransomware

On 14 September 2015, the Dutch Police arrested two men (aged 18 and 22) from the Amersfoort area of the Netherlands on suspicion of involvement in attacks using the CoinVault ransomware.

The malware campaign was launched in May 2014 and continued this year, targeting users in more than 20 countries.

Kaspersky Lab contributed to the investigation by helping the Dutch Police's National High Tech Crime Unit (NHTCU) in locating and identifying the alleged attackers. Panda Security also contributed to the research by pointing to various malware samples.

The digital criminals behind CoinVault tried to infect tens of thousands of computers worldwide, with the majority of victims located in the Netherlands, the , the USA, France and the UK.

They managed to "lock" at least 1,500 Windows computers, demanding bitcoins as ransom to decrypt the files.

The digital criminals behind this campaign tried several times to modify their creations so that they could continue to target new victims.

Kaspersky Lab's initial report on CoinVault was released in November 2014, after the first malware sample was detected. The campaign then stopped until April 2015, when a new sample was detected. In the same month, Kaspersky Lab and the Dutch Police's National High Tech Crime Unit launched the site noransom.kaspersky.com, which is a repository of decryption keys. Additionally, an online decryption application was provided.

With these tools, the victims of CoinVault had the opportunity to recover their data, without paying the criminals.

Panda Security then contacted Kaspersky Lab as it had found information about additional samples of malware. Investigation of these samples by Kaspersky Lab revealed their relationship with CoinVault.

A careful analysis of all relevant malware samples was completed and then handed over to the Dutch Police.

"The Dutch police often work with individuals. In this research, Kaspersky Lab played an important role, as it helped us identify and locate the group of attackers behind CoinVault. This shows that by working together, we can catch more criminals," said Thomas Aling, on behalf of the Dutch Police.

"In April 2015, a new sample was found on the Internet. Interestingly, this sample contained phrases in perfect Dutch throughout the binary system. Dutch is a relatively difficult language to write without mistakes. Thus, from the beginning of the investigation, suspicions were raised that the alleged creators of the malware had something to do with the Netherlands. This was later confirmed. Winning the battle against CoinVault has been a joint effort by law enforcement and private companies, and it is true that we have achieved a very good result: the arrest of two suspects," said Jornt van der Wiel, a Kaspersky Lab security researcher.

To prevent a computer from being infected by malware, the Dutch Police and Kaspersky Lab recommend that users make sure their software and antivirus programs are always up to date.

Additionally, it is a good idea for users to make copies of their important files regularly and store them somewhere that is not connected to the Internet.

Finally, users should never proceed with a ransom payment, as this gives cybercriminals an incentive to continue their activity, while not always leading to the actual "freeing" of the victims.

More information about CoinVault ransomware is available on the site Securelist.com.


Written by Dimitris
