Russian security firm Kaspersky has released a new tool in the fight against ransomware, a family of malware that holds every non-system file on a computer for ransom in exchange for Bitcoin currency. Ransomware brings a whole new meaning to digital extortion. Kaspersky’s new tool decrypts the ransomed files and removes all traces of the malware from the infected machine.
CoinVault, one of the newest ransomware families, has been wreaking havoc on unsuspecting users since late last year. Once CoinVault is downloaded and executed and the first depressing pop-up message is displayed, the user has 24 hours to send payment (via Bitcoin) or the price goes up. Those notifications look like this:
You’ll notice that you can view a list of each file being held ransom that you can no longer open. Goody! Actually, this is a godsend for the unlucky user trying to figure out how many files were encrypted that they don’t have backed up somewhere else. But wait, there’s more! You get to choose one file to get back for free, perhaps to prove that they really do intend to comply once you pay. I don’t know if this is an act of mercy or a devilish way to make somebody choose between their latest resume or the list of their extended family’s birthdays. Some people just want to watch the world burn.
In the bottom right-hand corner of that same screenshot you will see a Bitcoin address. (Learn more about how Bitcoin works here.) The use of Bitcoin as a payment mechanism makes it even more difficult to trace the attacker. This is in part because a Bitcoin wallet, the centralized piggy bank, can essentially have an unlimited number of external addresses to which payments can be made. Then, the money is routed back to the wallet. This method of payment and “free gift” of one of your files is quite rare, if not unprecedented. CoinVault predecessors CryptoWall and CryptoLocker were often run by malware operators who received payment and never gave the infected user the chance to get their files back. Humans can be so cruel.
If you or anyone you love, like, or tolerate becomes infected with CoinVault, you can head on over to noransom.kaspersky.com to begin the process of decryption. It’s basically digital Batman. You’re welcome.
Have you ever been a victim of ransomware? Let us know in the comments.