Kaspersky Lab and the Dutch Police are Ending the Nightmare for 14,031 CoinVault and Bitcryptor Ransomware Victims Worldwide

October 30, 2015

Kaspersky Lab and the Dutch Police are Ending the Nightmare for 14,031 CoinVault and Bitcryptor Ransomware Victims Worldwide

Woburn, MA – October 29, 2015 -Kaspersky Lab has added an additional 14,031 decryption keys to the free repository noransom.kaspersky.com, enabling all those who have fallen victim to CoinVault and Bitcryptor ransomware to retrieve their encrypted data without having to pay a ransom to cybercriminals.

The cybercriminals behind CoinVault tried to infect tens of thousands of computers worldwide, with the majority of victims in the Netherlands, Germany, the USA, France and the UK. Consumers from a total of 108 countries were affected. The criminals succeeded in locking at least 1,500 Windows-based machines, demanding bitcoins from users to decrypt their files.

Kaspersky Lab discovered the first version of CoinVault in May 2014, and later completed a thorough analysis of all the associated malware samples for the investigation run by the National High Tech Crime Unit (NHTCU) of the Netherlands’ police and the Netherlands’ National Prosecutors Office. During the joint investigation, the NHTCU and the Netherlands’ National Prosecutors Office obtained databases from CoinVault command & control servers. These servers contained Initialization Vectors (IVs), keys and private bitcoin wallets, which helped Kaspersky Lab and the NHTCU to create a special repository of decryption keys: noransom.kaspersky.com.

Since April 2015, a total of 14,755 keys have been made available for victims so that they can release their files by using the decryption application developed by Kaspersky Lab’s security experts to release their files. In September, the Dutch police arrested two men in the Netherlands on suspicion of involvement in the ransomware attacks. With these arrests, and the fact that the last portion of keys has now been obtained from the server, the case on the CoinVault attacks is now closed.

“The CoinVault story is ending: the remaining victims can retrieve their files and the cybercriminals have been caught, thanks to collaboration between the Dutch police, Kaspersky Lab and Panda Security. The CoinVault investigation has been unique in that we have been able to retrieve all the keys. Through sheer hard work we were able to disrupt the entire business model of the cybercriminal group,” said Jornt van der Wiel, Security Researcher at Global Research and Analysis Team, Kaspersky Lab.

About Kaspersky Lab

Kaspersky Lab is one of the world’s fastest-growing cybersecurity companies and the largest that is privately-owned. The company is ranked among the world’s top four vendors of security solutions for endpoint users (IDC, 2014). Since 1997 Kaspersky Lab has been an innovator in cybersecurity and provides effective digital security solutions and threat intelligence for large enterprises, SMBs and consumers. Kaspersky Lab is an international company, operating in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide.

Learn more atwww.kaspersky.com.

For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact
Sarah Kitsos
781.503.2615
sarah.kitsos@kaspersky.com

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Kaspersky Lab and the Dutch Police are Ending the Nightmare for 14,031 CoinVault and Bitcryptor Ransomware Victims Worldwide

Kaspersky Lab and the Dutch Police are Ending the Nightmare for 14,031 CoinVault and Bitcryptor Ransomware Victims Worldwide

About Kaspersky

Related Articles Press Releases

Kaspersky statement on compliance in the U.S. following ICTS Final Determination

Quadrant Knowledge Solutions grants Leader status to Kaspersky Threat Intelligence

SMB malware infections rising amid resurgence of attacks leveraging Microsoft Excel, Kaspersky reports

Kaspersky introduces new Windows digital forensics online cybersecurity training

Kaspersky statement on the company leadership inclusion on the sanctions list by the Department of the Treasury’s Office of Foreign Assets Control (OFAC)

Kaspersky Statement on the U.S. Commerce Department Determination

Kaspersky introduces Kaspersky Cloud Workload Security ecosystem

Kaspersky studies 193 million passwords, finds 45% could be cracked in less than a minute

Kaspersky opens CFP for 2024 Security Analyst Summit

Kaspersky releases enhanced apps for iOS and Android