How CoinVault or Bitcryptor victims could try to recover their files

Victims of CoinVault ransomware can now rely on a new set of encryption keys added to the free CoinVault Ransomware Decryptor tool to recover their files.

Every day, dozens of users ask me how to decrypt their data locked by various ransomware such as CoinVault or Bitcryptor?

Now I have a good news for them, it is possible to use a free tool to recover the encrypted files.

The tool was designed by the experts of the Kaspersky Lab in collaboration with the Dutch police, the experts have used a set of encryption keys extracted from command-and-control (C&C) servers used by two groups that were using CoinVault and Bitcryptor.

In May 2014, the investigators detected numerous attacks based on the  CoinVault ransomware that infected more than 1,500 victims in more than 108 countries.

In April 2015,  the Dutch Public Prosecution Service extracted a set of CoinVault Decryption keys from a database present on a seized command and control server.

In April 2015, the expert from Kaspersky Lab announced the development of the tool called “CoinVault Ransomware Decryptor”, the researcher teamed up with The National High Tech Crime Unit (NHTCU) of the Dutch Police.

The tool included a set of around 750 decryption keys recovered from CoinVault servers hosted in the Netherlands.

In response to the action of the law enforcement, the authors of CoinVault updated their code and released a new version dubbed Bitcryptor.

Now the law enforcement could rely on additional 14,031 decryption keys obtained last month by the Dutch authorities following the arrest of two men in connection with CoinVault and Bitcryptor ransomware attacks.

The keys have been included in the Kaspersky’s Ransomware Decryptor Service which is available on the noransom.kaspersky.com website.
If you are a victim of CoinVault and Bitcryptor ransomware attacks you can try to download these keys to unlock the encrypted files.
To decrypt the file use the following procedure:
  1. Step 1: If you are infected with CoinVault, just note down the Bitcoin wallet address mentioned by the malware on the screen.
  2. Step 2: Get the encrypted file list from ransomware interface.
  3. Step 3: Download an effective antivirus and remove CoinVault Ransomware first.
  4. Step 4: Open https://noransom.kaspersky.com and download the decryption tool released by Kaspersky Labs.
  5. Step 5: Install additional libraries and Decrypt your files.

In order to protect your computer from malware:

  • Ensure your system software and antivirus definitions are up-to-date.
  • Avoid visits suspicious websites.
  • Regularly backup your important files to a separate drive or storage that are only temporarily connected.
  • Be on high alert for pop-ups, spam, and unexpected email attachments.
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs –   CoinVault Ransomware, Removal tool)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

6 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

13 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

2 days ago

This website uses cookies.