Dutch police arrest suspected CoinVault ransomware attackers

The Dutch police have arrested two people suspected of involvement in CoinVault ransomware attacks

Sonal Desai

MUMBAI, INDIA: The Dutch police have arrested two men aged 18 and 22 years, suspected of involvement in CoinVault ransomware attacks.

According to the police, the malware campaign started in May 2014 and continued this year, targeting users in more than 20 countries.

CoinVault’s cybercriminals tried to infect tens of thousands of computers worldwide with the majority of victims in the Netherlands, Germany, the USA, France and the UK. They succeeded in locking at least 1,500 Windows-based machines, demanding bitcoins from users to decrypt files.

Kaspersky Lab contributed important research to the investigation which assisted the National High Tech Crime Unit (NHTCU) of the Dutch Police in locating and identifying the alleged attackers. Panda Security also contributed to the investigation by pointing towards several samples of the malware.

The cybercriminals responsible for the ransomware campaign have repeatedly tried to modify their creations in order to keep targeting new victims. Kaspersky Lab’s initial report on CoinVault was issued in November 2014, after the first sample of the malicious program appeared on the radar. The campaign then stopped until April 2015, when a new sample was detected.

In the same month, Kaspersky Lab and the National High Tech Crime Unit (NHTCU) of the Dutch police launched noransom.kaspersky.com, a repository of decryption keys. In addition, a decryption application was made available online. This gave CoinVault victims a chance to retrieve their data without paying the criminals.

Kaspersky Lab was then contacted by Panda Security, which had found information about additional malware samples. Investigation of these samples by Kaspersky Lab revealed them to be related to CoinVault. A thorough analysis of all the associated malware samples was then completed and given to the Dutch Police.

To prevent a computer from becoming infected with malware, the Dutch police and Kaspersky Lab advise users to ensure that their software and antivirus programs are always updated. In addition, users should regularly back up precious and/or important files and store the backup on a device without an Internet connection. Finally, users should never pay: payment motivates cybercriminals to keep going and, furthermore, does not always lead to the actual release of files.
