Kaspersky has published a partial solution to the CoinVault ransomware that has been going around. The security company, working with the Netherlands National Prosecutors Office, managed to get its hands on a CoinVault command and control (C&C) server, which provided a host of decryption keys.
CoinVault is ransomware that quietly encrypts files on the computers it infects. It then prompts victims to pay a ransom for the decryption key within a short period of time, or it will permanently delete that key, the only way for users to get their data back. Manually undoing the encryption is theoretically possible, but would likely take more time than most victims have left in their lives.
Kaspersky Lab's solution to the problem is simply a way of checking whether the retrieved database contains the key needed to decrypt a particular computer. Once that is done, victims can download the decryption software, which will clean the malware from their computers. A full list of the steps has been posted on Kaspersky’s Noransom site. It should be noted that the C&C server does not contain all the encryption keys necessary to help everyone, but it does provide some leads.
With any luck, more C&C servers will be discovered and their contents added to the Noransom database. That being said, CoinVault is not the only ransomware going around these days, and the concept is becoming increasingly popular with cyber-criminals.
[Source: Kaspersky Lab]