
No Ransom: The National High Tech Crime Unit of the Netherlands’ police and Kaspersky Lab help victims to escape from CoinVault ransomware

April 14, 2015

From today, victims of CoinVault ransomware have a chance to retrieve their data without paying the criminals

From today, victims of CoinVault ransomware have a chance to retrieve their data without paying the criminals, thanks to a repository of decryption keys and a decryption application made available online by Kaspersky Lab and the National High Tech Crime Unit (NHTCU) of the Netherlands’ police. The keys and the tool can be found on noransom.kaspersky.com, together with clear instructions on how to implement them.

CoinVault ransomware has been around for a while, encrypting victims’ files and demanding Bitcoins to unlock them. In order to help victims recover from an attack, the NHTCU and the Netherlands’ National Prosecutors Office obtained a database from a CoinVault command & control server. This server contained Initialization Vectors (IVs), Keys and private Bitcoin wallets and helped Kaspersky Lab and the NHTCU to create the special repository of decryption keys. As the investigation is ongoing, new keys will be added when available.

“If you get infected with the CoinVault ransomware, please check noransom.kaspersky.com. We have uploaded a huge number of keys onto the site. If we do not currently have records for a particular Bitcoin wallet, you can check again in the near future, because together with the National High Tech Crime Unit of the Netherlands’ police we are continuously updating the information,” says Jornt van der Wiel, Security Researcher at Global Research and Analysis Team, Kaspersky Lab.

CoinVault has infected more than 1,000 Windows-based machines in over 20 countries, with the majority of victims in the Netherlands, Germany, the USA, France and the UK. Victims have also been registered in Belgium, Austria, Switzerland, Norway, Sweden, Luxembourg, Denmark, Slovakia, Slovenia, Spain, Italy, Hungary, Ireland, Croatia, Russia, Canada, Israel, the United Arab Emirates, China, Indonesia, Thailand, South Africa, Australia, New Zealand, Panama, the Dominican Republic, and Mexico.

“Nowadays, many believe that combatting cybercrime requires public-private partnerships. We do it. Just talk to your partners, identify how you can help each other achieve a mutual aim: helping cybersecurity,” explains Marijn Schuurbiers from the High Tech Crime Team of the Dutch Police.

Kaspersky Lab’s security experts also analyzed the malware samples and designed and built a decryption tool that can unlock files and delete the CoinVault malicious program from infected computers.

If a PC has been infected with CoinVault, an image such as the following will appear on the screen:

To discover how to remove the CoinVault ransomware from your computer and restore your files, please visit https://noransom.kaspersky.com/.

How to avoid being infected? Keep your anti-malware suite updated and make a habit of backing up your most important files.

Kaspersky detects this family as 'Trojan-Ransom.Win32.Crypmodadv.cj'.


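About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky continually transforms its deep threat intelligence and security technology into innovative security solutions and services that protect businesses, critical infrastructure, governments and consumers around the globe. The company's comprehensive security portfolio includes leading endpoint protection, a range of specialized security solutions and services, and Cyber Immune solutions for fighting sophisticated and evolving digital threats. More than 400 million users worldwide are protected by Kaspersky technologies, and we also help 200,000 corporate clients worldwide protect what matters most to them. To learn more, visit www.kaspersky.com.cn.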
