Collaboration between the Dutch police and Kaspersky Lab leads to the arrest of suspects behind the CoinVault ransomware attacks

17 September 2015

On Monday 14 September, the Dutch police arrested two men (18 and 22 years old) from Amersfoort, The Netherlands, on suspicion of involvement in CoinVault ransomware attacks. The malware campaign started in May 2014 and continued this year, targeting users in more than 20 countries. Kaspersky Lab contributed important research to the investigation which assisted the National High Tech Crime Unit (NHTCU) of the Dutch Police in locating and identifying the alleged attackers. Panda Security also contributed to the investigation by pointing towards several samples of the malware.

CoinVault’s cybercriminals tried to infect tens of thousands of computers worldwide with the majority of victims in the Netherlands, Germany, the USA, France and the UK. They succeeded in locking at least 1500 Windows-based machines, demanding bitcoins from users to decrypt files.

The cybercriminals responsible for the ransomware campaign modified their creations several times in order to keep targeting new victims. Kaspersky Lab’s initial report on CoinVault was issued in November 2014, after the first sample of the malicious program appeared on the radar. The campaign then stopped until April 2015, when a new sample was detected. In the same month, Kaspersky Lab and the National High Tech Crime Unit (NHTCU) of the Dutch police launched noransom.kaspersky.com, a repository of decryption keys. In addition, a decryption application was made available online. This gave CoinVault victims a chance to retrieve their data without paying the criminals.

Kaspersky Lab was then contacted by Panda Security, which had found information about additional malware samples. Investigation of these samples by Kaspersky Lab revealed them to be related to CoinVault. A thorough analysis of all the associated malware samples was then completed and given to the Dutch Police.

“The Dutch police cooperates frequently with private parties. In this investigation Kaspersky Lab played an important role which helped us identify and locate the CoinVault attackers. It shows that by working together we can catch more criminals” – says Thomas Aling from the Dutch Police.

“In April 2015 a new sample was spotted in the wild. Interestingly the sample had flawless Dutch phrases throughout the binary. Dutch is a relatively difficult language to write without any mistakes, so we suspected from the beginning of our research that there was a Dutch connection to the alleged malware authors. This later turned out to be the case. Winning the battle against CoinVault has been a joint effort between law enforcement and private companies, and we have achieved a great result: the apprehension of two suspects” - says Jornt van der Wiel, Security Researcher at Kaspersky Lab.

In order to prevent a computer from becoming infected with malware, the Dutch police and Kaspersky Lab advise users to ensure that their software and antivirus programs are always updated. In addition, users should regularly back up precious and/or important files and store the backup on a device without an Internet connection. Finally, users should never pay - payment motivates cybercriminals to keep going, and furthermore does not always lead to the actual release of files.

To learn more about the CoinVault ransomware, please read the blog post available at Securelist.com.

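About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky continually transforms deep threat intelligence and security technology into innovative security solutions and services that protect businesses, critical infrastructure, governments and consumers around the world. The company offers a comprehensive security portfolio that includes leading endpoint protection and a range of specialized security solutions and services, as well as Cyber Immune solutions for countering sophisticated and evolving digital threats. More than 400 million users worldwide protect themselves with Kaspersky technologies, and we also help 200,000 corporate clients around the world protect what matters most. To learn more, visit www.kaspersky.com.cn.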