""Users that have found themselves as victims of the CoinVault ransomware now have the ability to have their files decrypted using a free tool that was uploaded by Kaspersky Lab, in cooperation with the Dutch police.
The tool, named the Ransomware Decryptor, utilizes decryption keys which were recovered by the Dutch police during their investigation of the CoinVault ransomware.
Ransomware such as CoinVault attacks by encrypting data stored within disks or by blocking users from accessing their computer systems. The ransomware is often installed through exploiting vulnerabilities in the computers of the victims through the propagation of phishing email messages and links leading to malicious web pages.
However, unlike other forms of ransomware, CoinVault allows victims to see the files that the ransomware has encrypted. One of these files can be decrypted for free, but for all the others, the victim will have to pay the hackers certain amounts to be able to access the PC and the user's files once again.
CoinVault has been infecting Windows PCs since November of last year.
The Dutch police's National High Tech Crime Unit was recently able to acquire a database from a command and control server of CoinVault, which included decryption keys. The information acquired from the database led to Kaspersky's development of the decryption tool that is now available to the public to use for free.
The Ransomware Decryptor is not yet 100 percent effective, as all the possible decryption keys were understandably not stored for safekeeping on that single server that the Dutch police recovered. However, officials hope that as the ongoing investigation into CoinVault progresses, more decryption keys will be discovered that would make improvements on the success rate of the decryption tool, said Jornt van der Wiel, a researcher for Kaspersky that was part of the team that created the Ransomware Decryptor.""
No comments:
Post a Comment