Categories: Breaking NewsCyber CrimeMalwareSecurity

How CoinVault or Bitcryptor victims could try to recover their files

How CoinVault or Bitcryptor victims could try to recover their filesHow CoinVault or Bitcryptor victims could try to recover their files

Victims of CoinVault ransomware can now rely on a new set of encryption keys added to the free CoinVault Ransomware Decryptor tool to recover their files.

Every day, dozens of users ask me how to decrypt their data locked by various ransomware such as CoinVault or Bitcryptor?

Now I have a good news for them, it is possible to use a free tool to recover the encrypted files.

The tool was designed by the experts of the Kaspersky Lab in collaboration with the Dutch police, the experts have used a set of encryption keys extracted from command-and-control (C&C) servers used by two groups that were using CoinVault and Bitcryptor.

In May 2014, the investigators detected numerous attacks based on the  CoinVault ransomware that infected more than 1,500 victims in more than 108 countries.

In April 2015,  the Dutch Public Prosecution Service extracted a set of CoinVault Decryption keys from a database present on a seized command and control server.

In April 2015, the expert from Kaspersky Lab announced the development of the tool called “CoinVault Ransomware Decryptor”, the researcher teamed up with The National High Tech Crime Unit (NHTCU) of the Dutch Police.

CoinVault malwareCoinVault malware

The tool included a set of around 750 decryption keys recovered from CoinVault servers hosted in the Netherlands.

In response to the action of the law enforcement, the authors of CoinVault updated their code and released a new version dubbed Bitcryptor.

Now the law enforcement could rely on additional 14,031 decryption keys obtained last month by the Dutch authorities following the arrest of two men in connection with CoinVault and Bitcryptor ransomware attacks.

The keys have been included in the Kaspersky’s Ransomware Decryptor Service which is available on the noransom.kaspersky.com website.
If you are a victim of CoinVault and Bitcryptor ransomware attacks you can try to download these keys to unlock the encrypted files.
To decrypt the file use the following procedure:
  1. Step 1: If you are infected with CoinVault, just note down the Bitcoin wallet address mentioned by the malware on the screen.
  2. Step 2: Get the encrypted file list from ransomware interface.
  3. Step 3: Download an effective antivirus and remove CoinVault Ransomware first.
  4. Step 4: Open https://noransom.kaspersky.com and download the decryption tool released by Kaspersky Labs.
  5. Step 5: Install additional libraries and Decrypt your files.

In order to protect your computer from malware:

  • Ensure your system software and antivirus definitions are up-to-date.
  • Avoid visits suspicious websites.
  • Regularly backup your important files to a separate drive or storage that are only temporarily connected.
  • Be on high alert for pop-ups, spam, and unexpected email attachments.
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs –   CoinVault Ransomware, Removal tool)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Published by
Pierluigi Paganini
Tags: CoinVaultCoinVault Ransomware DecryptorCybercrimemalwareransomwareRemoval tool
10 years ago

Recent Posts

Meta stopped covert operations from Iran, China, and Romania spreading propaganda

Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread…

12 hours ago

US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator

The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major…

21 hours ago

ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor<gwmw style="display:none;"></gwmw><gwmw style="display:none;"></gwmw>

ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its…

24 hours ago

Victoria’s Secret ‘s website offline following a cyberattack

Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats…

2 days ago

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a…

2 days ago

New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.

GreyNoise researchers warn of a new AyySSHush botnet compromised over 9,000 ASUS routers, adding a…

2 days ago