Kaspersky Lab added 14,031 additional decryption keys to the online "warehouse" noransom.kaspersky.com, giving all users who have fallen victim to the ransomware programs CoinVault and Bitcryptor the ability to retrieve their encrypted data without having to pay bitcoins as a ransom to the criminals.
The decryption keys and application created by Kaspersky Lab are available for free on the site https://noransom.kaspersky.com.
In total, as of April 2015, 14,755 keys have been made available to victims so they can release their files using the decryption application created by Kaspersky Lab's experts. The Dutch National Prosecutor's Office has obtained the decryption keys from CoinVault Command & Control servers. In September, Dutch police arrested two men in the Netherlands on suspicion of involvement in ransomware attacks. After these arrests - and given that the latest set of keys has now been retrieved from the server - we can say that it is time to close the CoinVault attack case.
The cybercriminals behind CoinVault attempted to infect tens of thousands of computers around the world, with the majority of victims located in the Netherlands, Germany, the US, France and the United Kingdom. Users from a total of 108 countries were affected. Criminals managed to “lock down” at least 1,500 Windows computers, demanding bitcoins from users to decrypt their files.
Kaspersky Lab discovered the first version of CoinVault in May 2014 and later contributed an in-depth analysis of all relevant malware samples to an investigation conducted by the Dutch Police Force Technological Crime Corps (NHTCU) and the National Prosecutor's Office of the Netherlands. During their joint investigation, the two authorities took possession of CoinVault Command & Control server databases. These servers contained Initialization Vectors (IVs), keys, and private Bitcoin wallets. Based on these, Kaspersky Lab and the Dutch Police Force Technological Crime Corps have been able to create the dedicated online 'warehouse' of decryption keys.
“The CoinVault story ends as all victims are now able to recover their files and the digital criminals have been caught, thanks to the cooperation of the Dutch Police, Kaspersky Lab and Panda Security. What makes the CoinVault investigation unique is the fact that we were able to recover all the keys. Through hard work, we managed to completely break up the work model of this criminal group”, commented Jornt van der Wiel, a researcher at Kaspersky Lab's Worldwide Research and Analysis Group.