Kaspersky, Law Enforcement Put an End to Ransomware Variant

Cyber security firm Kaspersky has announced that all malware authors behind the Coinvault and Bitcryptor ransomware are behind bars, and that the keys to decrypting infected victims’ computers are now freely available to end-users.

Kaspersky has waged a war against several ransomware strains in recent times and has just announced the conquest of two particular strains that demanded ransom in the form of Bitcoin payments from their victims.

The announcement came on a website owned by Kaspersky Lab, where victims can freely download the tool required to decrypt their encrypted files.

The cybersecurity firm revealed that a joint investigation with the National High Tech Crime Unit (NHTCU), a department within the Netherlands’ police, and the Netherlands’ National Prosecutors Office has resulted in the shutting down of the comprehensive ransomware operation. The company confirmed that the authors behind the ransomware have been arrested and that all the keys required to decrypt infected victims’ computers have been added to the database.

With the announcement, Kaspersky added:

“During our joint investigation we have obtained data that can help you to decrypt the files being held hostage on your PC.”

Kaspersky’s tool was developed in April, and decryption keys have been added to it over time for victims of the ransomware.

In the past, Coinvault has been known to use AES encryption, upgrading from a 128-bit block size setup to a 256-bit setup. The malware was created with Microsoft’s .NET framework and has been known to show victims the means to decrypt one file for free. The freebie is meant to demonstrate the authors’ ability to unlock the encrypted files, which they do only after the bitcoin ransom payment is made.

To combat the strain, Kaspersky security engineers Jornt Van Der Wiel and Santiago Pontiroli built the decryption tool using AES 256 running in the CFB block cipher mode.

“We are considering this case as closed. The ransomware authors are arrested and all existing keys have been added to our database.”

With its CoinVault Decryptor tool available and the malware authors firmly behind bars thanks to the efforts of the Netherlands’ law enforcement agencies, Kaspersky Lab has announced the end of the Coinvault and Bitcryptor ransomware.