Victims of the CoinVault ransomware can now have their files decrypted using a free tool that was uploaded by Kaspersky Lab, in cooperation with the Dutch police.
The tool, named the Ransomware Decryptor, uses decryption keys that the Dutch police recovered during their investigation of the CoinVault ransomware.
Ransomware such as CoinVault attacks by encrypting data stored on disk or by blocking users from accessing their computer systems. It is often installed by exploiting vulnerabilities in victims' computers, and it spreads through phishing email messages and links leading to malicious web pages.
However, unlike other forms of ransomware, CoinVault allows victims to see the files that it has encrypted. One of these files can be decrypted for free, but for all the others, the victim has to pay the hackers a certain amount to regain access to the PC and the user's files.
CoinVault has been infecting Windows PCs since November of last year.
The Dutch police's National High Tech Crime Unit was recently able to acquire a database from a command and control server of CoinVault, which included decryption keys. The information acquired from the database led to Kaspersky's development of the decryption tool that is now available to the public to use for free.
The Ransomware Decryptor is not yet 100 percent effective, because not all of the possible decryption keys were stored on the single server that the Dutch police recovered. However, officials hope that as the ongoing investigation into CoinVault progresses, more decryption keys will be discovered that would improve the success rate of the decryption tool, said Jornt van der Wiel, a Kaspersky researcher who was part of the team that created the Ransomware Decryptor.
The Dutch police have not yet made any arrests in connection with CoinVault. However, the authorities signaled that an arrest could be made soon, as the investigation indicates that the mastermind behind the ransomware is located within the Netherlands.
Ransomware victims are being encouraged to report their incidents to the authorities. Such reports, made by an individual and a company, resulted in the acquisition of the decryption keys and the possible lead to the CoinVault mastermind, said the police. Any and all information coming from victims could be vital in solving the cybercrime case.