The Hacker News
Have you been infected with the insidious CoinVault or Bitcryptor ransomware?

If so, there is some potentially good news for you.

You may now recover your encrypted files for FREE! – Thanks to the efforts of Dutch police and antivirus maker Kaspersky Lab.

Security researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained and published the last set of encryption keys from command-and-control (C&C) servers used by two related ransomware threats – CoinVault and Bitcryptor.

Security researchers first observed CoinVault ransomware attacks in May 2014. Since then, CoinVault has made more than 1,500 victims in more than 108 countries.

In April 2015, the Dutch police obtained 'Decryption keys' database from a seized command and control server of CoinVault.

Ransomware Decryption Tool

Those decryption keys were then used by Kaspersky Lab to set up a Ransomware Decryptor Service, which included a set of around 750 decryption keys recovered from CoinVault servers hosted in the Netherlands.

After that raid, the CoinVault's authors slowly updated their code, eventually releasing a second-generation CoinVault version that they named Bitcryptor.

However, last month, the Dutch authorities arrested two men in connection with CoinVault and Bitcryptor ransomware attacks, leading to the recovery of additional 14,031 decryption keys.

The keys have now been updated to the Kaspersky's Ransomware Decryptor Service and published on the website.

Those victims that had their PCs infected by these ransomware programs and still have the encrypted data lying around can now download these keys to unlock their personal files.

How to Decrypt CoinVault and Bitcryptor Ransomware:

Step 1: Note down the Bitcoin wallet address mentioned by the malware.
Step 2: Get the encrypted file list from the ransomware interface.
Step 3: Then download an effective antivirus and remove CoinVault Ransomware.
Step 4: Open and download the decryption tool released by Kaspersky Labs.
Step 5: Install additional libraries and Decrypt your files.

However, there's only one catch:

"If you get infected by this ransomware in the near future, you are out of luck."

Ransomware on Rise

Ransomware has emerged as one of the biggest Internet threats to the web users in recent years.

The authors of the notorious CryptoWall ransomware have raised more than $325 MILLION (£212 million) in this past year alone.

Typically, hackers primarily gain access to a user's computer using ransomware malware that heavily encrypts data files with a strong cryptographic algorithm, and then demand a ransom money (to be paid in Bitcoin), which ranges from $200 to $10,000.

How to Prevent Yourself Against Ransomware Attacks?

Just few days back, the Federal Bureau of Investigation (FBI) advised ransomware victims to just pay off the criminals in order to see their valuable data again.

However, in my opinion, the best defense against these threats is to ensure that all your important files are regularly backed up to a separate drive or storage that are only temporarily connected and can not be reached by the attackers.

A few more things you should keep in mind to prevent your Computer from getting infected with ransomware and other malware threats are:
  • Ensure your system software and antivirus definitions are up-to-date.
  • Avoid visiting suspicious websites.
  • Avoid Opening Emails and attachments from unknown sources.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.