Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
 
News

Decryption key repository means an end to cyber ransom payments

Kaspersky Lab UK : 06 November, 2015  (New Product)
Kaspersky Lab creates respository of decryption keys to enable victims of Bitcryptor and CoinVault ransomware to avoid paying to access their data
Decryption key repository means an end to cyber ransom payments

Kaspersky Lab has added an additional 14,031 decryption keys to the repository noransom.kaspersky.com, enabling all users who have fallen victim to CoinVault and Bitcryptor ransomware to retrieve their encrypted data without having to pay a single bitcoin in ransom to criminals.

The keys and decrypting application, developed by Kaspersky Lab, are available for free on the Kaspersky website.

Since April 2015, a total of 14,755 keys have been made available for victims so that they can release their files by using the decryption application developed by Kaspersky Lab’s security experts. The Netherlands’ National Prosecutors Office obtained the decryption keys from the CoinVault command and control servers.  In September, the Dutch police arrested two men in the Netherlands on suspicion of involvement in the ransomware attacks. With these arrests, and the fact that the last portion of keys has now been obtained from the server, the time has come to close the case on the CoinVault attacks.    

CoinVault’s cyber-criminals tried to infect tens of thousands of computers worldwide, with the majority of victims in the Netherlands, Germany, the USA, France and the UK. Users from a total of 108 countries were affected. The criminals succeeded in locking at least 1,500 Windows-based machines, demanding bitcoins from users to decrypt their files.

Kaspersky Lab discovered the first version of CoinVault in May 2014, and later contributed a thorough analysis of all the associated malware samples to an investigation run by the National High Tech Crime Unit (NHTCU) of the Netherlands’ police and the Netherlands’ National Prosecutors Office. During the joint investigation, the NHTCU and the Netherlands’ National Prosecutors Office obtained databases from CoinVault command and control servers. These servers contained Initialiation Vectors (IVs), keys and private bitcoin wallets and helped Kaspersky Lab and the NHTCU to create a special repository of decryption keys.

“The CoinVault story is ending: the remaining victims can retrieve their files and the cyber-criminals have been caught, thanks to collaboration between the Dutch police, Kaspersky Lab and Panda Security. The CoinVault investigation has been unique in that we have been able to retrieve all the keys. Through sheer hard work we were able to disrupt the entire business model of the cyber-criminal group,” said Jornt van der Wiel, Security Researcher at Global Research and Analysis Team, Kaspersky Lab.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo