Kaspersky and Dutch police released a program that can help remove the CoinVault ransomware.
The nasty breed of ransomware is spread by corrupted email attachments. Once clicked, it encrypts files on Windows computers with 256-bit AES encryption. The owner cannot access the files again unless he or she pays a bitcoin fee.
Victims don't have time to brainstorm a fix either. Once the timer hits zero, the ransom payment requirement grows.
But the Russia-based security firm helped build a tool to combat the crypto-virus. During their investigation, the National High Tech Crime Unit (NHTCU) of the Dutch police found a database on a command-and-control server that stored some of the decryption keys. Kaspersky and the Dutch police then teamed up to make the Ransomware Decryptor, a free tool that defeats the program, bypassing the bitcoin fee and unlocking the computer files.
Although it can help many victims who were infected by the ransomware, the tool doesn't work for everyone. It works only for users whose infections used private keys that match the decryption keys. The police hope to sniff out other databases with private keys so that more victims can get their computer files back.
And still, even with the new tool, the ransomware is not a piece of cake to remove. The decryptor comes with a manual that guides victims through the decrypting process, and the instructions are a bit long, as they are for removing most malware. But for many, the tool is better than the alternative: coughing up 0.5 bitcoin.
Ransomware on the rise?
With the rise of bitcoin, we've seen a new generation of crypto-viruses emerge, such as CoinVault and its predecessors CryptoLocker and CryptoWall, that feed off of the currency's pseudo-anonymous nature.
Just last month, a similar virus affected the central server for Lincoln County law enforcement agencies, encrypting data in the records management system used by the Lincoln County Sheriff’s Office and the Boothbay Harbor, Damariscotta, Wiscasset and Waldoboro police departments. The virus, known as megacode, held the data hostage until a payment of approximately 300 euros in bitcoins was made, after which the decryption code was given and the system was once again operational.
Similar situations were also witnessed, for example, in Detroit, where the city’s database was frozen for a ransom of 2,000 bitcoins. Other instances include cases in Northern Ireland, New Jersey and Illinois, just to name a few.
But while police and security organizations aren't wrong when they point out that bitcoin can be used by cybercriminals, at least now there's a parallel opportunity for fixes. Moreover, better data storage methods on top of an immutable blockchain also hold a lot of potential in securing private data, while minimizing opportunities for data hijacking.