For the last couple of years Bitcoin has been the currency of choice for most hackers “working” with ransomware. And, so far, they have been receiving their ransoms in BTC because it was almost impossible to set your computer free of the malware. But now there’s a new decryption tool called ‘Noransomware’ that might change the game.
Kaspersky Labs has managed to build a decryption key generator with the help of the Netherland’s National High Tech Crime Unit (NHTCU). And although the tool is not completely effective at the moment, Kaspersky plans to keep developing it in partnership with the authorities.
The NHTCU teamed up with Kaspersky Labs following a string of episodes involving CoinVault, a type of malware that demands a growing amount of Bitcoin in order to release encrypted files in the victim’s computer. The ransomware has been targeting Windows systems since November 2014 and has infected 700 computers in the Netherlands so far.
However, the victims can now get rid of the malware for free thanks to Kaspersky’s new tool, developed after the NHTCU seized a large database of decryption keys related to Coinvault – and including IVs, keys and Bitcoin wallets – that were later shared with the international software security company.
Kaspersky hopes to further develop and enhance the power of the ‘Noransomware’ by cooperating with authorities across the world that are currently investigating Coinvault.
“We have uploaded a huge number of keys onto the site, and together with the National High Tech Crime Unit of the Netherlands’ police we are continuously updating the information,” Jornt van der Wiel, a security researcher at Kaspersky’s global research and analysis team, told CoinDesk.
Besides releasing the decryption tool, the international company headquartered in Moscow, Russia, is also helping the victims by publishing a simple guide on how to use the ‘Noransomware’ solution.
Because the ‘Noransomware’ solution is not completely effective at this point, some victims won’t be able to find the answer to their problem on the new tool’s list of data. All they can do is either wait or pay the crypto-ransom.
Nevertheless, according to the Dutch authorities, “[paying] motivates the criminals to continue to use this payment method, and furthermore does not always lead to actual release” and it doesn’t always mean the victim gets the files back. Actually, only 1.4% of the victims who pay the ransom gain access to the decryption software promised by the hackers.
Van der Wiel believes the best thing to do is to protect the files in the first place. Kaspersky’s security researcher advises all potential victims to keep their anti-virus updated and regularly back up their important files.