Russian cyber security firm Kaspersky has teamed up with the Netherlands’ National High Tech Crime Unit (NHTCU) to introduce decryption keys and a decryption application to protect CoinVault ransomware victims.
CoinVault ransomware is a malicious programme that encrypts victims’ files in their systems and demands Bitcoins to unlock the data.
The NHTCU and Netherlands’ National Prosecutors Office collected a database from a CoinVault command & control severs.
According to Kaspersky, the server contained private Bitcoin wallets, Initialisation Vectors (IVs), and Keys, which helped the cyber security firm and NHTCU to develop a special repository of decryption keys.
The company is further investigating ways to get new keys in order to help more victims from this cyber crime.
Kaspersky highlighted that CoinVault is mostly active in the UK, US, Netherlands, and Germany, and has reportedly infected more than 1,000 Windows-based devices.
Security experts from Kaspersky analysed the malware samples and created a decryption tool that can unlock files, as well as delete the CoinVault malicious programme from the infected computers.
Dutch Police High Tech Crime Team member Marijn Schuurbiers said: "Nowadays, many believe that combatting cybercrime requires public-private partnerships. We do it. Just talk to your partners, identify how you can help each other achieve a mutual aim: helping cybersecurity."
