CoinVault victims can finally decrypt their files

Oct 29, 2015 15:47 GMT

Kaspersky Lab has published an additional 14,031 decryption keys that can be used to unlock personal files encrypted by the CoinVault and Bitcryptor ransomware.

Cyber-security vendors first observed CoinVault attacks in May 2014. Since then, this aggressive ransomware, which heavily encrypts data files on infected computers, has claimed over 1,500 victims in more than 108 countries.

As Kaspersky and other antivirus companies upgraded their detection tools, CoinVault's authors slowly updated their code as well, releasing Bitcryptor as a second-generation CoinVault version.

Their campaigns, even if quite successful, have not managed to keep them safe from law enforcement agencies. Back in September, after a joint investigation between Kaspersky Lab, Panda Labs, and the Dutch Police, CoinVault's authors, two men from Amersfoort, Holland, were arrested by local law enforcement agencies.

After police had gained access to the cyber-crooks' infrastructure, Kaspersky Lab experts were able to extract all the remaining CoinVault and Bitcryptor decryption keys from the C&C server, and publish them on the noransom.kaspersky.com website.

Victims whose computers were infected by this ransomware, and who still have the encrypted data on their PC, can download the decryption key (which they would otherwise have gotten only after paying the Bitcoin ransom to the attackers) and decrypt their files.

This may be just a little bit too late for some users, who tend to delete ransomware-encrypted files since they become useless and just take up hard drive space.

UPDATE: Kaspersky has been offering CoinVault decryption keys on the noransom.kaspersky.com website since 2014, but its database was incomplete. It is now complete. We forgot to mention this fact in our first version of this article.

Computer infected with Bitcryptor ransomware