Kaspersky Lab Releases Tool To Fight Bitcoin Ransomware

CoinVault is a type of ransomware that seals off its victim’s files behind heavy encryption. After it has blocked access to the target’s files, it demands an amount of Bitcoin to be sent to a provided address within 24 hours. If the money is received, the virus frees the captive files. If the money is not received within the 24 hour time limit, however, it raises the amount of money it demands.

This is scary stuff, but luckily, the cybersecurity company Kaspersky Lab have released a tool to help fight the infamous ransomware.

Knowledge is power

Armed with data provided by the National High Tech Crime Unit of the Dutch police, and the Netherlands’ National Prosecutors Office, the Russian-based company were able to successfully build a Decryption Tool.

According to Kaspersky Lab, the two Dutch organisations provided them with “a database from a CoinVault command & control server,” which contained “IVs, Keys and private Bitcoin wallets.”

Using this information, the team were able to isolate a string of data required to bypass the malware’s encryption and free the files it holds hostage.

Ransomware is nothing new

Unfortunately, despite the impressive efforts made by teams like that of Kaspersky Labs, Bitcoin-based ransomware has not yet been completely thwarted.  Many other viruses of a similar variety exist, such as Cryptowall, CryptoLocker, and even different strains of the CoinVault virus, which are immune to the Decrypter that Kaspersky Lab have developed.

If you’ve been affected by CoinVault, head over to Kaspersky Lab’s Ransomware Decrypter. The page features a helpful How-To to help you regain access to your files. If the Decrypter doesn’t work for you, then it’s still not time to lose hope. Seeing as the investigation is still ongoing, new keys are likely going to be added in future:


“We have uploaded a huge number of keys onto the site, and together with the National High Tech Crime Unit of the Netherlands’ police we are continuously updating the information.”  –Jornt van der Wiel of Kaspersky Lab | Coindesk


And if you haven’t been affected by CoinVault, make sure it stays that way. The ransomware tends to spread through spam and phishing links, so take care not to fall for one of their traps. Prevention is better than a cure, and the most immediate way to fight an opponent like this is with awareness.