Hacking, Information Security, Vulnerability

Kaspersky releases tools to decrypt files encrypted with CoinVault Ransomware

Are you one of those Windows users who have found themselves as victims of the CoinVault Ransomware?

If Yes, then we have a Good news for you:

Victims of CoinVault ransomware can now decrypt their files encrypted by malware using a free tool released by Kaspersky Lab.

Kaspersky Labs has released a decryption tool for files encrypted with CoinVault ransomware. The tool was developed by the Kaspersky lab after the The National High Tech Crime Unit (NHTCU) of the Dutch police handed over the information obtained from a database of CoinVault command-and-control server containing the decryption keys.

Ransomware malware is a growing cyber threat in which hackers primarily gain access to a user’s system and demand a ransom be paid.
Ransomware malware infects a computer or device to restrict the user’s access to the infected computer.
Typically, the ransomware malware will either ‘lock’ the computer to prevent normal usage or encrypt the files on it to prevent access.

Recently, during an investigation of the CoinVault ransomware, the Dutch police were able to obtain a ‘Decryption keys’ database from a command and control server of CoinVault.

The Ransomware Decryption tool released by Kaspersky Labs utilizes same decryption keys those were recovered by the Dutch police.


Europe Antitrust Google


CoinVault which is a sophisticated form of Ransomware encrypts data on hard disk of the victims Windows PC and in order to unlock the files it demands a ransom in Bitcoins to be paid. Unlike any other Ransomware CoinVault allows victim to see the list of encrypted files and decrypt one for free.

The tool is not 100% foolproof as the Ducth police has not secured all potential CoinVault keys from the server, but they said they are investigating further to find new keys that may help improve the tools efficiency.


How to Decrypt files encrypted by CoinVault Ransomware?
Step 1: If you are infected with CoinVault, just note down the Bitcoin wallet address mentioned by the malware on the screen.

Step 2: Get the encrypted file list from ransomware interface.

Step 3: Download an effective antivirus and remove CoinVault Ransomware first.

Step 4: Open https://noransom.kaspersky.com and download the decryption tool released by Kaspersky Labs.

Step 5: Install additional libraries and Decrypt your files.

In order to protect your computer from malware:

  • Ensure your system software and antivirus definitions are up-to-date.
  • Avoid visiting suspicious websites.
  • Regularly backup your important files to a separate drive or storage that are only temporarily connected.
  • Be on high alert for pop-ups, spam, and unexpected email attachments.
Previous ArticleNext Article
Send this to a friend