New ransomware lets user decrypt one file ‘for free’
Security firm Webroot has discovered a new ransomware variant that, after covertly encrypting data, offers users the option of decrypting one file ‘for free’. Also, the ‘ransom’ for the required key is increased every 24 hours.
The ransomware, called CoinVault, infects Windows systems and encrypts various file types, including documents, compressed files, pictures, videos, and iso files. The makers claim that it is AES-256 encryption. After being infected with the malware, CoinVault charges a Bitcoin amount for each file, but offers the user the option to decrypt one file for free. According to Webroot, this option offers opportunities to develop a decrypt tool.
The payment process, which is per file, is offered via a program, while most ransomware redirects victims to a website. CoinVault also has the demanded ‘ransom’ accrue every 24 hours.
CoinVault would be difficult to remove because it blocks several executables. Still, victims could get encrypted data back in a roundabout way because the malware leaves backups created via Volume Shadow Copy in peace.