Victims of the CoinVault ransomware program now have a chance to recover their data without paying anything to the criminals behind the attack, thanks to the special keys and the decryption application made available online by Kaspersky Lab and the National High Tech Crime Unit (NHTCU) of the Dutch Police.
The keys and the tool are available at noransom.kaspersky.com, together with clear instructions for users on how to apply them.
The CoinVault ransomware program, which has been active for quite some time, encrypts victims' files and demands Bitcoin to unlock them. To help victims recover their files after an attack, the NHTCU and the Dutch National Prosecutor's Office seized a database from a CoinVault Command & Control server. This server contained initialization vectors (IVs), keys and private Bitcoin wallets. This helped Kaspersky Lab and the NHTCU to develop the special site where the decryption keys are available. Since the investigation is ongoing, new keys will be added as soon as they become available.
"If a user is infected by CoinVault, he or she can visit noransom.kaspersky.com, where we've uploaded a huge number of keys. If there are currently no files available for a specific Bitcoin wallet type, he or she can check back at the website soon, as we are constantly updating the relevant information, in cooperation with the Dutch Police's Technological Crime Unit," said Jornt van der Wiel, Researcher at Kaspersky Lab's Global Research and Analysis Team.
CoinVault has infected more than 1,000 Windows computers in more than 20 countries, with the majority of victims being in the Netherlands, Germany, the US, France and the United Kingdom. Victims have also been reported in Belgium, Austria, Switzerland, Norway, Sweden, Luxembourg, Denmark, Slovakia, Slovenia, Spain, Italy, Hungary, Ireland, Croatia, Russia, Canada, Israel, the United Arab Emirates, China, Indonesia, Thailand, South Africa, Australia, New Zealand, Panama, the Dominican Republic and Mexico.
"Many believe that the fight against digital crime requires cooperation between the public and private sectors. And that's what we are doing. We all have to talk to our colleagues and see how we can contribute to achieving the common goal that is none other than maintaining digital security," commented Marijn Schuurbiers of the Dutch Police's National High Tech Crime Unit.
Security experts from Kaspersky Lab also analyzed malware samples and developed a decryption tool that can unlock files and delete the CoinVault malware from infected computers.
To find out how to remove the CoinVault ransomware program from your computer and restore your files, visit https://noransom.kaspersky.com/.
How can infection be avoided? Keep your anti-malware software up to date and regularly back up your most important files.
Kaspersky Lab solutions detect this malware family under the name "Trojan-Ransom.Win32.CrypmodadV.cj".