Bitcoin Ransomware Education – CoinVault

Although we have discussed various types of Bitcoin ransomware on this website already, there are many more different types roaming the wilds today. CoinVault is often overlooked as a very dangerous type of Bitcoin ransomware, although there is still no complete solution to tackle this malware. Kaspersky has managed to create a tool which will help out some users, but it is far from perfect in its current state.

Also read: BCoin Lets Users Run A Bitcoin Node In Node.js

CoinVault Appears In November of 2014

TheMerkle_Bitcoin Ransomware Coinvault

The year 2014 has been the year of Bitcoin ransomware so to speak, as various types of this malware have been released in those twelve months. CoinVault was one of the latest versions to infect computers all over the world, as it targeted all major Windows operating systems. Ranging from Windows XP to Windows 8, no one was immune to this ransomware if it managed to find its way to your device.

While CoinVault shares certain traits with CryptoLocker, it was a more advanced type of Bitcoin ransomware as well. Only one significant feature was added, as CoinVault offered users one free file decryption within the software itself to verify their “honest” intentions of restoring file access once the user had paid the Bitcoin fee.

Making payments did not require visiting a site over the Tor protocol either, which was the first time this happened in the Bitcoin ransomware scene. Decryption of the files, as well as the necessary code to accept the Bitcoin payment, were all built into the malware executable itself. This made it even harder for law enforcement to figure out who was behind these attacks, as there were no web traces other than the Bitcoin transaction itself.

While this may seem to be a more passive version of Bitcoin ransomware, CoinVault was not the most patient malware either. Starting the infection ransom at 0.7 Bitcoin is quite a steep price, but that amount would only go up for every 24 hours that passed without payment.

The modus operandi of infecting a computer with CoinVault has not changed much despite all of these different iterations of the popular malware. Infected email attachments in.ZIP format was to blame for this malware spreading all over the world, which contained executables hidden as PDF files.

While there is no end-all solution to CoinVault just yet, the dedicated Command and Control Servers for this malware were seized by Dutch law Enforcement in April 2015. Some of the decryption keys have been made publicly available to infected users ever since, although most users will still have to pay the fee or restore files from a backup.

Source: Bleeping Computer

Images credit 1.2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.