Computer users whose machines have been affected by the CoinVault ransomware can now restore the encrypted files without paying the fee demanded by the cyber criminals. Kaspersky Lab and the National High Tech Crime Unit (NHTCU) of the Dutch police have published a decryption application online.
Database from CoinVault’s C&C Server in the Hands of the Experts
The infamous CoinVault has been encrypting users' data for some time now, demanding a fee paid in Bitcoins in exchange for the decryption key. The NHTCU and the National Prosecutors Office in the Netherlands have managed to obtain a database from CoinVault's C&C server containing keys, private Bitcoin wallets and initialization vectors. New keys will be added in the course of the investigation.
Jornt van der Wiel, a security researcher at Kaspersky Lab, says that a large number of the keys have already been uploaded to the website. If records for a particular Bitcoin wallet are missing at the moment, users should try again in the near future because the database is being continuously updated.
The Victims of CoinVault Ransomware
Over 1,000 computers running Windows in more than 20 countries have been affected by the CoinVault ransomware. Most of the threat's victims are located in the Netherlands, the USA, the UK, France and Germany. Experts have also registered cases of CoinVault infection in Canada, Norway, Switzerland, Austria, Sweden, Spain, Italy, Ireland, Hungary, Russia, Croatia, China, Thailand, South Africa, Mexico and other countries.