Coinvault ransomware victims offered a way out

News by Doug Drinkwater

As of today, victims of the widely-spread CoinVault ransomware will be able to retrieve their data without paying a ransom, thanks to a new repository of decryption keys and a decryption application that has been made available online by Kaspersky Lab and the National High Tech Crime Unit (NHTCU) of the Netherlands' police.

The move follows Netherlands' National Prosecutors Office acquiring the database of keys from a CoinVault command and control server, which contained IVs, keys and private Bitcoin wallets. Kaspersky security experts have subsequently analysed the malware samples and built a decryption key to unlock the files and delete the Coinvault program from infected computers.

The keys and tool can be found on, together with clear instructions on how to implement them.

CoinVault encrypts victims' files and demands Bitcoins to unlock them, and is believed to have infected more than 1,000 Windows-based machines in over 20 countries, with the majority of victims in the Netherlands, Germany, the USA, France and the UK.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews