Other types of malware tell victims that the price will rise each day that payment is not made. Typically, the data hijackers will demand payment in Bitcoin, which makes it much harder to trace where the payment has gone and who received it. Kaspersky said that CoinVault has infected over 1,000 computers in 20 countries around the world.
“If you get infected with the CoinVault ransomware, please check noransom.kaspersky.com,” said Jornt van der Wiel, Security Researcher at Kaspersky Lab Global Research and Analysis Team. “We have uploaded a huge number of keys onto the site. If we do not currently have records for a particular Bitcoin wallet, you can check again in the near future, because together with the National High Tech Crime Unit of the Netherlands’ (NHTCU) police we are continuously updating the information.”
A Digital Break
Kaspersky had been analyzing the CoinVault malware and working on a decryption tool for victims since this flavor of ransomware was first identified in November.
The researchers got a break recently, however, when the NHTCU seized a CoinVault command-and-control server. Located on that server was a large database of decryption keys associated with the CoinVault ransomware that Kaspersky was able to use to accelerate the development of a free decryption tool. The software can also remove the malware from infected computers.
Not every victim will be able to use the free decryption tool to unlock their data, Kaspersky noted. However, both Kaspersky and the Dutch NHTCU said they anticipate recovering more decryption keys that will be added to Kaspersky’s CoinVault defense.
Best Practice: Avoid Infection
Kaspersky offers a variety of information about ransomware and cyber extortion on its Web site, including the following warning: “Ransomware is commonly installed by triggering a vulnerability in the victim’s computer, which is generally exploited by users inadvertently opening a phishing email or accessing a malicious Web site that was created by the attackers. Kaspersky Lab’s experts found Ransomware attachments being sent out in phishing e-mails from attackers claiming to be from popular online booking services, financial institutions and social networks.”
To avoid possible infection, the most important step is to install effective and up-to-date anti-malware software, which is available from a number of different vendors, including Kaspersky. In addition, Kaspersky advised computer users to install an Internet security program (such as Windows Defender) and to always have an up-to-date backup of critical files.