Kaspersky Lab, one of the most popular and effective anti-virus providers, says that it has brought in a tool for the CoinVault ransomware. The official announcement says, “Are you a Ransomware victim? The National High Tech Crime Unit (NHTCU) of the Netherlands’ police, the Netherlands’ National Prosecutors Office and Kaspersky Lab have been working together to fight the CoinVault Ransomware campaign.”
The tool thus appears to be the outcome of joint efforts by the two organizations. Kaspersky says that during the joint investigation it was able to obtain data that can help Bitcoin users decrypt the files being held hostage on their PCs. The company provides both decryption keys and the decryption application.
Kaspersky warns, however, that this is an ongoing investigation and that new keys will be added in the future. Nonetheless, a solution for ‘CoinVault,’ a type of ransomware that seals off its victim’s files behind heavy encryption, was eagerly awaited, and by releasing it Kaspersky is doing a great service for those who feel their Bitcoin are unsafe.
After CoinVault blocks access to the target’s files, it demands that an amount of Bitcoin be sent to a provided address within 24 hours. If the money is received, the virus frees the captive files; if the money is not received within the 24-hour time limit, it raises the amount of money it demands. This has scared a lot of Bitcoin users around the world.
Because this is not just scary but alarming for the entire Bitcoin ecosystem, a solution was eagerly awaited, and the cyber-security company Kaspersky Lab has now released a tool to help fight the infamous ransomware. However, the tool would not have been possible without help from the NHTCU.
The NHTCU Help Was Crucial
Equipped with data provided by the NHTCU of the Dutch police and the Netherlands’ National Prosecutors Office, the Russia-based company was able to successfully build a decryption tool. Kaspersky Lab admits that the two Dutch organizations provided them with “a database from a CoinVault command & control server.”
Kaspersky also admits that the database from a CoinVault command and control server contained “IVs, Keys and private Bitcoin wallets.” Using this information, the team at Kaspersky was able to isolate a string of data required to bypass the malware’s encryption and free the files it holds hostage.
To contact the reporter of this story: Deepak Tiwari at firstname.lastname@example.org