Kaspersky Lab added 14.031 additional decryption keys to the online 'warehouse' noransom.kaspersky.com, giving all users who have fallen victim to the ransomware programs CoinVault and Bitcryptor the ability to recover their encrypted data without having to pay a single bitcoin in ransom to the criminals.
The decryption keys and application created by Kaspersky Lab are available for free on the site https://noransom.kaspersky.com.
In total, as of April 2015, 14.755 keys have been made available to victims so they can release their files using the decryption application created by Kaspersky Lab's experts. The Dutch National Prosecutor's Office has obtained the decryption keys from CoinVault Command & Control servers. In September, Dutch police arrested two men in the Netherlands on suspicion of involvement in ransomware attacks. After these arrests - and given that the latest set of keys has now been retrieved from the server - we can say that it is time to close the CoinVault attack case.
The cybercriminals behind CoinVault attempted to infect tens of thousands of computers around the world, with the majority of victims located in the Netherlands, Germany, the US, France and the UK. Users from a total of 108 countries were affected. The criminals managed to “lock down” at least 1.500 Windows computers, demanding bitcoins from users to decrypt their files.
Kaspersky Lab discovered the first version of CoinVault in May 2014 and later contributed to the in-depth analysis of all related malware samples, in an investigation carried out by the Dutch Police Force Technological Crime Corps (NHTCU) and the Dutch National Prosecutor's Office. During their joint investigation, the two authorities took possession of databases from the CoinVault Command & Control servers. These servers contained initialization vectors (IVs), keys and private Bitcoin wallets. Based on these, Kaspersky Lab and the Dutch Police Force Technological Crime Corps were able to create the dedicated online 'warehouse' of decryption keys.
"The story of CoinVault is over, as all victims are now able to retrieve their files, and digital criminals have been arrested thanks to the cooperation of the Dutch Police, Kaspersky Lab and Panda Security. What makes research on CoinVault unique is the fact that we were able to retrieve all the keys. Through hard work, we were able to completely break the working model of this criminal group," commented Jornt van der Wiel, a researcher at Kaspersky Lab's Worldwide Research and Analysis Group.