Slashdot Mirror


CoinVault and Bitcryptor Ransomware Victims Can Now Recover Their Files For Free (itworld.com)

itwbennett writes: 'Researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained the last set of encryption keys from command-and-control servers that were used by CoinVault and Bitcryptor,' writes Lucian Constantin. 'Those keys have been uploaded to Kaspersky's ransomware decryptor service that was originally set up in April with a set of around 750 keys recovered from servers hosted in the Netherlands.'

4 of 32 comments

  1. Pretty Amazing Really by SumDog · · Score: 4, Interesting

    I've never been hit by one of these, but I realize it can cost people a lot of money due to some shitheads. I'm really glad a lot of these keys have been found and made public. I'm sure this won't be the end of ransomware...people will just use new keys, but hopefully this will help some of those who have clicked on a not-a-flash upgrade or bad e-mail attachment.

    1. Re:Pretty Amazing Really by Zocalo · · Score: 4, Interesting

      While it's a worthy effort, I suspect that it's mostly just a PR stunt though since I doubt very many people will actually be able to use these keys to avoid paying the ransom, given that the criminals will indeed switch to new keys pretty much overnight, potentially re-encrypting any data on PCs they have already compromised in the process if they can re-establish control via other C&C servers. Of the potential victims that could benefit from this, once you've eliminated those who have already paid the ransom, written off their data and started over, or were fortunate enough to have good backups to restore from, are there *really* going to be that many left who will also be capable of finding the site with the decryption tools on it? That we don't hear the security companies trumpeting the numbers of successful decryptions using recovered keys like these makes me think that there are probably not all that many.

      --
      UNIX? They're not even circumcised! Savages!
  2. Hats off to Kaspersky by Anonymous Coward · · Score: 3, Interesting

    They are truly good guys. Most of their competitors, F-Secure being the exception I guess, would have charged money for this service, or not even bothered in the first place.

  3. Re:Much Respect! by plover · · Score: 4, Interesting

    This certainly isn't their only cool act of public service, either. I saw one of the Dutch guys presenting an interesting topic at Black Hat: How to preserve a powered on system during a raid using mouse jigglers and UPSes, and collecting forensic evidence while preserving chain of custody, good practical advice. The BH crowd eats that stuff for breakfast, but he was providing info that is useful to help train non-technical officers executing a warrant.

    --
    John