New Encryption Ransomware Offers File Decryption Trial

Exterminator

Cybercriminals have adapted their ransomware game to a more user-friendly variant of crypto-malware to get the victims to pay the unlock fee and even included a trial for the file decryption feature.

Dubbed CoinVault (no connection with the legitimate coin exchange services online), the threat has an interface with all the functions necessary for viewing the locked data, paying the ransom and initiating the decryption mechanism based on the key provided after the payment is recorded.

It is clear that the malware authors tried to make the entire scam as simple a process as possible for the user. They even added a button for copying the bitcoin wallet address and a 24-hour countdown timer that lets the victim know how much time they have to pay the ransom until it increases.

CoinVault uses symmetric encryption

Researchers at Webroot discovered the new variant on Friday and tested the decryption functions, which, as expected, worked.

The algorithm used for locking up the data is AES-256, a rudimentary one compared to what other crypto-malware families rely on; however, this does not make CoinVault any less dangerous.

CryptoWall relies on asymmetric encryption, which requires two keys (public – for encryption, and private, derived from the public one – for decryption) to secure the information; only the holder of the private key can decrypt the files.

By contrast, AES-256 is a symmetric encryption algorithm that relies on a single key for both encrypting and decrypting, 256-bit in length; find that key and the data is freed.

CryptoWall is one of the most prominent representatives of ransomware with encryption capabilities. It currently has more than 80 variants in the wild and it has claimed hundreds of thousands of victims worldwide, with cybercriminals making more than $1.1 million / €878,000 this year.

According to CoinVault’s description, the AES key is stored on a server that releases it to the victim as soon as the ransom is paid.

Decryption trial is not unique

A similar piece of crypto-malware was discovered by researchers at iSight Partners back in August. They named it TorrentLocker and the same AES algorithm was used; moreover, it included decryption testing, too.

The purpose of offering the victims the possibility to try out the unlocking mechanism is to instill confidence that the data is released once the payment is accepted.

Having an updated antivirus solution installed on the computer can sometimes be enough to prevent crypto-malware from taking the files hostage, but the best solution is to have a backup of the important data ready. This type of threat does nothing but encrypt the files; if a safe copy exists, it can be restored at no financial cost for the user.
 