They take 1,500 Windows computers hostage

CoinVault is not the best-known ransomware. But while it lacks the notoriety of CryptoWall or CryptoLocker, it is a pest of the same species. It encrypts the files on a targeted computer and demands a ransom in bitcoins for their release, which requires obtaining the decryption keys.

A cybercrime campaign involving CoinVault ran from May 2014 to April 2015. At least 1,500 Windows computers were locked by CoinVault, mainly in the Netherlands, the United States, Germany, the United Kingdom and France.

It is not known how many victims paid a ransom. In April, Kaspersky Lab released a decryption key repository and an application to give CoinVault victims a chance to recover their data without taking the risk of paying cybercriminals.

Last week, Dutch police announced the arrest in the town of Amersfoort of two individuals between the ages of 18 and 22. They are suspected of being the instigators of the CoinVault campaign.

The Dutch lead was pursued in particular because copies of the malware contained sentences written in perfect Dutch. "Dutch is a relatively difficult language to write without making mistakes. So we suspected a Dutch track from the start. This turned out to be the case," writes Kaspersky Lab.

The Russian security software vendor also collaborated with Panda Security on this case, which led to the arrests of the two Dutch suspects … who were evidently a little too meticulous in the use of their language.

The Dutch police had taken control of the command and control server used by the attackers behind CoinVault. However, a new variant of CoinVault has had time to emerge. BitCryptor uses the same code, but the sentences written in Dutch have been removed, as have the links to CoinVault.