Expert: CoinVault Ransom a Scam; Don't Negotiate

Brandon Dimmel's picture

Cybercriminals behind a brand new type of ransomware scam have implemented a new strategy they hope will convince more people to pay up. Unlike other ransomware scams, this one offers victims the ability to reclaim some of their files for "free."

Ransomware is a type of malware that locks users out of their systems. In most cases, a victim must pay a fee -- usually around several hundred dollars -- to reclaim control of their computers. However, there's no guarantee that a ransomware cybercriminal will follow through on the deal, and most security experts advise against negotiating with these crooks.

CoinVault: Some Files Can Be Reclaimed For Free

The most interesting type of malware to emerge in recent weeks is called CoinVault, which was discovered by security researchers at Webroot. According to the Webroot experts, CoinVault works like many other types of malware -- such as the very prominent CryptoWall and CryptoLocker programs -- but there's a twist: CoinVault gives users the chance to reclaim one of their files for no charge. (Source: pcworld.com)

There are several caveats to the "free" offering. In order to regain access to all files, users will have to pay 0.5 bitcoins, which is equivalent to about $200 USD. If users take too long to respond to the "offer" (perhaps to consult with law enforcement officials or security experts), the price goes up.

If the ransom is paid, CoinVault victims are reportedly given a password that allows them to bypass CoinVault's 256-bit AES encryption.

Security Expert says it's Best Not to Negotiate

Webroot security expert Tyler Moffitt admits that the CoinVault scam is a unique approach that could increase revenue for the cybercriminals behind the scheme. "This is a really interesting feature and it gives a good insight into what the actual decryption routine is like if you find yourself ... having to pay them," Moffitt said in a recent blog post. "I suspect that this freebie will increase the number of people who will pay." (Source: webroot.com)

Moffitt also says it would be silly to expect cybercriminals to keep their word on decrypting the files, and advises not to negotiate with the crooks.

How to Protect Yourself Against CoinVault

To help protect yourself against CoinVault and similar scams, our very own Dennis Faas of Infopackets.com recommends that you backup your most important files on a regular basis using Disk Image based-backups. If you find yourself infected with one of these encryption schemes, you can easily undo the damage (often within minutes) by reverting your system to a previously healthy state. Should you need help implementing a proper disk image backup (or anything else for that matter), feel free to contact Dennis for help.

What's Your Opinion?

Have you or anyone you know ever encountered a ransomware scheme? Would you be willing to pay money to reclaim important files even if experts advise against doing so? Do you think CoinVault's unique approach will increase its revenue?

Rate this article: 
Average: 5 (6 votes)

Comments

ron824us_3548's picture

Sorry, most people don't have an image of the computer & it's rarely done within minutes. They rely on system restore which does not repair the damage done, and their local computer tech to create another miracle. Only this time Ransomware deletes ALL doc's, PDF's pictures, Quickbook files, Etc. & replaces them with encrypted ones until you pay. System restore will not fix it & images of the computer will only give you back your files up to the last time it was imaged. This is going to be a great source of pain & anxiety for many clients when they realize all their stuff is gone. Even USB external drives & mapped drives on a network are effected.

Dennis Faas's picture

Yes, restoring operating system disk images can be done in minutes - at least they do for me - but I'm also running on an SSD (solid state disk). In all, it takes 10 minutes to do a full restore with minimal clicking involved. For other people, it may take longer depending on how much data is backed up, compression, bus speed, etc.