Yet another type of ransomware has been discovered recently, this one with a unique new feature courtesy of the cybercriminals. This malicious program, known as “CoinVault,” allows victims to decrypt a single file of their choice free of charge.

Researchers at security firm Webroot reported their findings in a blog post after encountering the attack, which appears to stem from the cryptographic locker family.

“This is a really interesting feature and it gives a good insight into what the actual decryption routine is like, if you find yourself actually having to pay them,” said Tyler Moffit, senior threat research analyst at Webroot.


According to Kaspersky Labs researcher Santiago Pontiroli, CoinVault is also distinctive in its ability to stay hidden, making it increasingly difficult for researchers to analyze the malware.

“They make that effort (to delay analysis) because it’s more money for them,” he said. Pontiroli explained that the ransomware is capable of checking for specific tools used by analysts, such as Wireshark and Sandboxie.

Moffit added that the novel technique in the variant would likely lead to an increase in the number of people willing to pay the ransom, which typically amounts to several hundred dollars in Bitcoin currency.

Although the free decrypt may seem like a nice gesture, the “offer” does come with a catch. To regain access to all of their files, victims are asked to pay promptly, before the price begins to increase every 24 hours.

But security experts advise it’s best not to barter with cybercriminals. “It would be silly to expect cybercriminals to keep their word on decrypting the files,” said Moffit.

Instead, users are advised to back up important files on a regular basis.

“If you have a backup policy in place, then don’t pay,” Pontiroli suggests. “If you keep paying, then this business will go on forever.”

