The Netherlands’ National High Tech Crime Unit (NHTCU) and the Netherlands’ National Prosecutors Office recently discovered a large database of decryption keys from a CoinVault command and control server (containing IVs, keys and private Bitcoin wallets). The NHTCU shared this information with Kaspersky Lab, which used it to develop the Noransomware decryption application.
Ransomware like CoinVault encrypts data on a disk or blocks access to a computer system. Ransomware is usually installed by exploiting a vulnerability on victims’ computers via phishing emails or links to malicious websites. CoinVault lets victims see a list of the files it encrypted and decrypt one for free, to try to get people to pay up.
The Noransomware decryption application isn’t 100 percent effective, but, as the investigation advances, the police hope to discover new decryption keys and improve the success rate of the Noransomware decryption application, said Kaspersky researcher Jornt van der Wiel, who helped build the decryption tool.
The Noransomware decryption application is available at https://noransom.kaspersky.com