Cryptomalware is a type of virus that takes the files on an infected machine and encrypts them (see our article here on encryption) with a key known only to the programmer who designed the virus. Once the computer is encrypted, a message pops up asking the owner for money in return for the key to decrypt the drive, earning these viruses their other name, “ransomware”. Up until now there have been only a few possible fixes for these kinds of infections, and success was often far from guaranteed. That left victims in the unfortunate position where paying the ransom was the option with the best chance of success.
Fortunately, Kaspersky anti-virus and the National High Tech Crime Unit (NHTCU) from the Netherlands have developed a tool that actually has a good chance of returning the computer’s files in working condition. The specific malware targeted is CoinVault, since a server involved in that particular scam was recently seized. That server gave the researchers a database of decryption keys to work from in creating this new tool for saving victims’ data. Because the program was released so recently, there are no reports yet of how effective it is, but signs are promising.
Kaspersky is offering the tool free on their website and is constantly updating it with new decryption keys, which will increase the number of devices it works on. The NHTCU has also mentioned that it appears to be closing in on the suspect behind the CoinVault malware, which would hopefully lead to an even better version of the decryption tool (at least for current versions of the ransomware). In the meantime, however, it is still not recommended to pay the ransom, even if the decryption tool doesn’t work. Once the money is paid there is no guarantee of the files being released, so keeping regular backups is still your best defense.