According to security firm Kaspersky Lab, CoinVault and Bitcryptor ransomware are officially dead.
"Kaspersky Lab has added an additional 14,031 decryption keys to the free repository noransom.kaspersky.com, enabling all those who have fallen victim to CoinVault and Bitcryptor ransomware to retrieve their encrypted data without having to pay a ransom to cybercriminals," said the security firm in an update on the ransomware on Thursday. In a statement on the matter, Jornt van der Wiel, Security Researcher at Global Research and Analysis Team at Kaspersky Lab, said, "The CoinVault story is ending: the remaining victims can retrieve their files and the cybercriminals have been caught, thanks to collaboration between the Dutch police, Kaspersky Lab and Panda Security. The CoinVault investigation has been unique in that we have been able to retrieve all the keys. Through sheer hard work we were able to disrupt the entire business model of the cybercriminal group."
The ransomware was first discovered in May 2014 and was used to infect hundreds of thousands of machines across 108 countries. The majority of the victims were in the Netherlands, Germany, the USA, France, and the UK. At least 1,500 Windows-based devices were locked using this ransomware, demanding bitcoins as ransom. "Since April 2015, a total of 14,755 keys have been made available for victims so that they can release their files by using the decryption application developed by Kaspersky Lab's security experts to release their files," said Kaspersky Lab "In September, the Dutch police arrested two men in the Netherlands on suspicion of involvement in the ransomware attacks. With these arrests, and the fact that the last portion of keys has now been obtained from the server, the case on the CoinVault attacks is now closed."