Kaspersky Lab, in conjunction with the National High Tech Crime Unit (NHTCU) of the Netherlands’ police, has released a repository of CoinVault ransomware decryption keys enabling victims to retrieve their data.
The Netherlands’ National Prosecutors Office acquired a database from a CoinVault command & control server and Kasperksy Lab was able to create a decryption tool to enable victims to get their data back without being forced to pay the hefty ransom that cyber criminals demand.
The server also contained Initialisation Vectors (IVs), keys and private Bitcoin wallets which helped Kaspersky Lab and the NHTCU to create the special repository of decryption keys. As the investigation is ongoing, new keys will be added when available.
More than 1,000 users in 20 countries have been infected with CoinVault, Jornt van der Wiel, security researcher in the global research and analysis team at Kaspersky Lab, said: “We have uploaded a huge number of keys onto the site. If we do not currently have records for a particular Bitcoin wallet, you can check again in the near future, because together with the National High Tech Crime Unit of the Netherlands’ police we are continuously updating the information.”
Marijn Schuurbiers from the High Tech Crime Team of the Dutch Police, said: “Nowadays, many believe that combatting cyber crime requires public-private partnerships. We do it. Just talk to your partners, identify how you can help each other achieve a mutual aim: helping cyber security.”
Unlock your files using the NoRansom tool here
