Kaspersky releases tools to decrypt files encrypted with CoinVault Ransomware

TechWorm ^ | on April 14, 2015 | Abhishek Kumar Jha

[Utilizer]

Software security group Kaspesky labs in collaboration with the Dutch police has released a tool which helps to decrypt files locked by Ransomware.

Kaspersky Labs has released a decryption tool for files encrypted with CoinVault ransomware. The tool was developed by the Kaspersky lab after the The National High Tech Crime Unit (NHTCU) of the Dutch police handed over the information obtained from a database of CoinVault command-and-control server containing the decryption keys.

[Utilizer]

Site has direct link to the Kapersky release.

[Utilizer]

Direct link:

https://noransom.kaspersky.com/

[Utilizer]

ping

[Utilizer]

Ping.

[rarestia]

So they either found the base server with the private key or the hackers used and extraordinarily poor hash (i.e. MD5) that was easily cracked. Otherwise, this isn’t something that can be permuted in a short period without some help.

[NeverEVERKerry]

Great find.

[dayglored]

Kaspersky has tools to deal with Ransomware ... PING!

You can find all the Windows Ping list threads with FR search: search on keyword "windowspinglist".

Thanks to Utilizer for the heads-up!

[The Antiyuppie]

This is mighty generous of this company. I’ll bet every victim becomes a customer of theirs.

[minnesota_bound]

Or Kaspersky was behind it : )
Those Russians...

[Utilizer]

It might not have been all that easily cracked, but at least someone finally found a solution so kudos to Kapersky.

[Utilizer]

Let’s hope it is not simply a temporary solution.

[Utilizer]

We need to send this info to critical system operations people, such as hospitals and healthcare professionals. Some educational institutions were attacked as well, if I recall correctly.

[Robert357]

bump for reference

[dayglored]

> Let’s hope it is not simply a temporary solution.

Well, yes; but every solution in this arena is temporary by definition.

[FreeInWV]

Sad that domestic companies do not solve big issues like this. I found it suspicious that Kapersky cracked the Stuxnet worm, yet domestic companies acted like they didn’t even know about it. Almost like they are told what to fix and what to ignore.

[dfwgator]

[AlaskaErik]

If FreeRepublic encrypted everyone’s files and charged a ransom to get them released there would never have to be another fundraiser.

[Utilizer]

JimRob and John have too much class to act like the Infernal Rectalviewing Sphincterprobes.

[Utilizer]

*snort* Micronoodle has been doing the same thing with many of the security issues that regularly come up on the ‘doze platform. It’s oftentimes been the ‘nix coders that have discovered problems and issued notices concerning them and patches with MS rarely acknowledging that there was a problem at all.

[Viking2002]

Damned crypto-viruses. I get at least one service call a week for them. We can remove them, but we tell the end users that their files are dog chow. When they authorize us to run a decryption app, we'll give it a whirl.