The new CoinVault ransomware has the same behavior as other file-encrypting malware, like CryptoWall, CryptoLocker and Crowti. CoinVault would encrypt the files on the affected machine and demand a ransom for their recovery. CoinVault has an interface similar to other threats of the same type, uses 256-bit AES cryptography and deactivates anti-malware software.
CoinVault Offers Free File Recovery
What makes CoinVault different from most ransomware samples that experts have analyzed is that it offers the user the recovery of one encrypted file as proof that paying the ransom will provide the victim with the decryption key.
“What’s unique about this variant that I wanted to share with you all is that this is the first Encrypting Ransomware that I’ve seen which actually gives you a free decrypt,” commented Tyler Moffit of Webroot “It will let you pick any single file that you need after encryption and will decrypt it for you.”
The analyst has tested the feature himself and confirmed it worked. Moffitt believes that the file recovery option will lure more victims into paying the ransom in order to recover their files. As CoinVault is already in the wild, most antivirus products will probably detect it. But Moffitt suggests that in the near future the crooks behind CoinVault may build an undetectable zero-day version of the infection. That is why he recommends a regular data backup as the best protection practice against file-encrypting malware.
CoinVault also has an interesting approach to the countdown technique it uses. As the 24-hour period for the payment expires, the ransomware restarts the clock and ads more Bitcoins. This happens over and again until the ransom fee is paid.
zal het in de toekomst mogelijk zij de data te herstellen zonder het losgeld te betalen
Ik hoop ook dat er nog een oplossing komt om de bestanden te ontsleutelen!