Kaspersky announces death of CoinVault, Bitcryptor ransomware, releases all keys


Over 14,000 keys used to unlock files encrypted by CoinVault and Bitcryptor have been released, signaling the death of the ransomware variants.

By Charlie Osborne for Zero Day | November 2, 2015 -- 10:56 GMT (02:56 PST)


Kaspersky has released all the known keys required to unlock files encrypted by the CoinVault and Bitcryptor ransomware, giving victims the chance to get their files back without paying up.

The Moscow, Russia-based cybersecurity firm says both ransomware variants are now dead, as all the decryption keys required to unlock systems infected with the malware are now in the public domain.

Ransomware is a particularly virulent type of malicious code which spreads through phishing campaigns, malicious links and downloads. Once a system has been infected, a lock screen appears and all files on the device are encrypted.

Ransomware, including CoinVault and Bitcryptor, often masquerades as the FBI and other law enforcement agencies, claiming the victim has been involved in illegal activity -- such as viewing child pornography -- in an attempt to frighten people into paying a ransom to unlock their systems.

Unless victims pay up within the timeframe allowed -- a difficult proposition as ransoms are usually demanded in the virtual currency Bitcoin -- they can lose access to their data permanently.

According to McAfee's 2015 Threat Report, ransomware is on the rise and "will evolve its methods of propagation, encryption, and the targets it seeks." In Q1 2015, the company's security team witnessed a huge rise in ransomware, especially within the CTB-Locker, CryptoWall, TorrentLocker, BandarChor and TeslaCrypt malware families.

Ransomware remains a serious digital threat, but luckily for victims of CoinVault and Bitcryptor, all 14,000 decryption keys are now available through Kaspersky's ransomware tool.

While working with the Netherlands' National High Tech Crime Unit (NHTCU), Kaspersky obtained the keys which can now be used to automatically decrypt all files belonging to the ransomware's victims.

The malware authors could update the tools with a fresh set of encryption protocols -- but it doesn't look likely, considering two men have been arrested for allegedly developing the code. In September, Dutch law enforcement arrested both an 18-year-old and a 22-year-old in connection with the ransomware.

"We are considering this case as closed. The ransomware authors are arrested and all existing keys have been added to our database," Kaspersky says.

The destruction of these malware variants comes at the same time as a new report which suggests a separate ransomware family, CryptoWall 3.0, has made its authors approximately $325M through extorting victims. Over 800 command-and-control (C&C) centers used to direct and control the ransomware have been discovered and researchers say at least 400,000 infection attempts have been made across 49 CryptoWall 3.0 campaigns.
