Kaspersky tool decrypts files locked by ransomware

Kaspersky is a security company that has teamed up with the Dutch police National High Tech Crime Unit (NHTCU) to offer a tool with the goal of unencrypting files that are encrypted by ransomware. The free tool will unlock files that are encrypted by the ransomware CoinVault. CoinVault is a piece of software that has been going around since November of last year.

When a computer is infected by CoinVault, the files are encrypted locking the owner of the files out unless they pay the CoinVault software owner money to decrypt the files. The creation of the software was made possible when the NHTCU discovered a CoinVault server that had a database of decryption keys.

The police agency gave the keys to Kaspersky so it could create a tool that would unlock files for people who had PCs infected by the ransomware. The catch at this time is that the tool Kaspersky created doesn't work for all infected machines.

The reason the tool doesn't always work is that the NHTCU hasn't secured all potential CoinVault keys from the server discovered. The police are still investigating and hope to find more decryption keys and help the tool improve its efficiency.

SOURCE: Kaspersky, thenextweb