Coinvault ransomware victims offered a way out
As of today, victims of the widely-spread CoinVault ransomware will be able to retrieve their data without paying a ransom, thanks to a new repository of decryption keys and a decryption application that has been made available online by Kaspersky Lab and the National High Tech Crime Unit (NHTCU) of the Netherlands' police.
The move follows Netherlands' National Prosecutors Office acquiring the database of keys from a CoinVault command and control server, which contained IVs, keys and private Bitcoin wallets. Kaspersky security experts have subsequently analysed the malware samples and built a decryption key to unlock the files and delete the Coinvault program from infected computers.
CoinVault encrypts victims' files and demands Bitcoins to unlock them, and is believed to have infected more than 1,000 Windows-based machines in over 20 countries, with the majority of victims in the Netherlands, Germany, the USA, France and the UK.