Kaspersky Lab increased the number of decryption keys at noransom.kaspersky.com to a total of 14,031. These decryption keys let users who have fallen victim to CoinVault and Bitcryptor ransomware retrieve their encrypted data.
“Many companies face ransomware attacks and ask themselves: to pay or not to pay? In the security industry, we believe that paying criminals does not make the ransomware problem go away,” said Jornt van der Wiel, Security Researcher at Global Research and Analysis Team, Kaspersky Lab. “If you pay, you keep the criminal business model rolling. If you don’t, there is no business model for them anymore. Moreover, paying up will not guarantee that your files will be retrieved,” he warned.
Kaspersky Lab joins forces with the Dutch police in investigating ransomware incidents to create more decryption keys.
Over 108 countries were affected by the incident. The criminals locked 1,500 Windows-based machines and demanded bitcoins from users to retrieve their files.
During the joint investigation, the NHTCU and the Netherlands’ National Prosecutors Office obtained databases from CoinVault command & control servers.
These servers contained initialization vectors (IVs), keys and private bitcoin wallets, which helped Kaspersky Lab and the NHTCU create a special repository of decryption keys: noransom.kaspersky.com.
“The CoinVault investigation has been unique in that we have been able to retrieve all the keys. Through sheer hard work we were able to disrupt the entire business model of the cybercriminal group,” van der Wiel said.