New ransomware CoinVault allows users to decrypt one file for free
Cybercriminals behind a new ransomware program called CoinVault are trying out a new psychological tactic to convince users to pay up—freebies.
The new threat was discovered by security researchers from Webroot and is similar in functionality to more prevalent ransomware programs like CryptoWall. It uses strong 256-bit AES encryption with keys stored on a remote server, kills the Windows Volume Shadow Copy Service so that users can’t use it to recover their files, and supports only Bitcoin as a payment method.
Users are asked to pay 0.5 bitcoins—around $200 at the current exchange rate—in order to receive the key that decrypts their files, but the cost increases every 24 hours.
One aspect that sets CoinVault apart from other file-encrypting ransomware programs is that it allows users to see a list of encrypted files on their computer and choose one they can decrypt for free.
“This is a really interesting feature and it gives a good insight into what the actual decryption routine is like if you find yourself actually having to pay them,” Webroot security researcher Tyler Moffitt said in a blog post. “I suspect that this freebie will increase the number of people who will pay.”
Ransomware programs like CryptoLocker and CryptoWall have infected over 1 million computers and earned their creators millions of dollars.
Security researchers generally advise users not to give in to this form of extortion because it only helps further the fraud, but unfortunately paying the ransom is often the only option many users have to recover their files if they haven’t backed up regularly and securely.
Another common argument against paying up is that when you deal with cybercriminals there’s no guarantee they’ll deliver on their promise. CoinVault’s one-file-for-free feature is most likely intended to reassure victims that the program’s creators have the ability to decrypt the files.