If your computer was infected with the CoinVault or Bitcryptor ransomware programs you’re in luck — at least compared to other ransomware victims. Chances are high that you can now recover your encrypted files for free, if you still have them.
Researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained the last set of encryption keys from command-and-control servers that were used by CoinVault and Bitcryptor, two related ransomware threats.
Those keys have been uploaded to Kaspersky’s ransomware decryptor service that was originally set up in April with a set of around 750 keys recovered from servers hosted in the Netherlands.
In September, the Dutch authorities arrested two men in connection with CoinVault and Bitcryptor ransomware attacks. Those arrests led to the recovery of around 14,000 additional decryption keys which have now been added to the noransom.kaspersky.com repository.
The CoinVault file-encrypting ransomware program was first documented by Kaspersky researchers in November 2014. Then in April the National High Tech Crime Unit (NHTCU) of the Dutch police recovered some decryption keys from a seized CoinVault server.
After that raid, the program’s authors took a break, but they eventually launched a new version that they named Bitcryptor.
With the recent arrests and the recovery of all decryption keys, Kaspersky is calling the CoinVault case closed. However, the victims of other ransomware programs are not as lucky: an FBI special agent recently admitted at a security conference that the agency often advises ransomware victims to just pay the ransom as there’s little else they can do to recover their files.
A coalition of security companies that investigated one of the most prevalent ransomware programs, CryptoWall version 3, recently estimated the number of its victims to be in the hundreds of thousands and the profit made by the group behind it at around $325 million.