By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    An Android that robbed your bank account -Kaspersky Daily
    12 months ago
    New CryptoLocker-like Malware for Android
    12 months ago
    Kaspersky Safe Kids Protects Your Child From Cyberbullying
    12 months ago
    Latest News
    Beware of scammers! Dangerous apps in the App Store
    6 hours ago
    How To Limit Login Attempts on WordPress (+ Should You?)
    1 day ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (September 18, 2023 to September 24, 2023)
    1 day ago
    Two privilege escalation vulnerability in Simple Membership Plugin
    2 days ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    How To Configure Cloudflare To Maximize WordPress Speed + Security
    11 months ago
    Windows 11 build 25179 rolls out in the Dev Channel
    12 months ago
    How to set a static IP address on Windows 11
    12 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    8 months ago
    Now you can speed up any video in your browser
    8 months ago
    How to restore access to a file after EFS or view it on another computer?
    8 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    9 months ago
  • How To
    How ToShow More
    Cloudflare now uses post-quantum cryptography to talk to your origin server
    Cloudflare now uses post-quantum cryptography to talk to your origin server
    9 hours ago
    Privacy-preserving measurement and machine learning
    Privacy-preserving measurement and machine learning
    9 hours ago
    Encrypted Client Hello – the last puzzle piece to privacy
    Encrypted Client Hello – the last puzzle piece to privacy
    9 hours ago
    Reminder: Enable two-factor authentication wherever you have it. This business
    13 hours ago
    ​​Know exactly when your data is transferred to GoogleIn a world where our data is permanent
    13 hours ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    How to remove bulk app download notification on iOS?
    12 months ago
    Bug with views
    12 months ago
    How many horns does a unicorn have?
    12 months ago
    Latest News
    How to enable extensions for Google Bard AI
    7 hours ago
    Window 11 Copilot: 10 Best tips and tricks
    14 hours ago
    How to create AI images with Cocreator on Paint for Windows 11
    2 days ago
    How to install September 2023 update with 23H2 features for Windows 11
    3 days ago
  • Glossary
  • My Bookmarks
Reading: How to remove CoinVault ransomware and restore your files
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
ThreatsWordpress Threats

How to remove CoinVault ransomware and restore your files

Vitus White
Last updated: 13 October
Vitus White 12 months ago
Share
5 Min Read

In most cases, if you are a victim of ransomware, there’s nothing you can do. Luckily, from time to time police and cybersecurity companies take down command and control servers of ransomware and retrieve information from them. This information is really useful, because it helps to create decryption tools and to recover users’ files. Recently, Dutch cyber-police and Kaspersky Lab created such a solution for CoinVault victims.

Contents
Step 1: Are you infected with CoinVault?Step 2: Get the Bitcoin wallet addressStep 3: Get the encrypted file listStep 4: Remove CoinVaultStep 5: Check https://noransom.kaspersky.comStep 6: Download the decryption toolStep 7: Download and install additional librariesStep 8: Start the decryption toolStep 9: Test if the decryption works properlyStep 10: Decrypt all files stolen by CoinVault

If you want to know more about CoinVault itself, you can read our detailed report at Securelist. If you are interested in exactly how we created a decryption solution, we covered it in a very detailed  blog post. If you are looking for instruction on how to get rid of this ransomware and restore your files, then keep reading below.

Step 1: Are you infected with CoinVault?

First, make sure your files are stolen by CoinVault and not by another ransomware. It’s fairly easy to determine: If you are infected with CoinVault, you will see an image like below:

How to remove CoinVault ransomware and restore your files

Step 2: Get the Bitcoin wallet address

In the bottom right of CoinVault you will see the Bitcoin wallet address (it’s marked with a black circle on the image above). It’s very important for you to copy and save this address!

Step 3: Get the encrypted file list

In the top left corner of the malware window you will see a ‘View encrypted filelist’ button (it’s marked with blue circle on the image above). Click this button and save the output to a file.

Step 4: Remove CoinVault

Go to https://kas.pr/kismd-cvault and download the trial version of Kaspersky Internet Security. Install it and it will remove CoinVault from your system. Be sure to save all information retrieved in steps 2 and 3.

Step 5: Check https://noransom.kaspersky.com

At https://noransom.kaspersky.com you should enter the Bitcoin wallet address from step 2. If your Bitcoin wallet address is known, the IV and Key will appear on the screen. Please note that multiple keys and IVs may appear. In this case save all the keys and IVs to your computer, you will need them later.

How to remove CoinVault ransomware and restore your files

Step 6: Download the decryption tool

Download the decryption tool at https://noransom.kaspersky.com and run it on your computer. If you get an error message, as shown below, go to step 7. If not, skip step 7 and proceed to step 8.

How to remove CoinVault ransomware and restore your files

Step 7: Download and install additional libraries

Go to http://www.microsoft.com/en-us/download/details.aspx?id=40779 and follow the instructions on the website. Then install the software.

Step 8: Start the decryption tool

Start the tool and you will see a screen like below:

How to remove CoinVault ransomware and restore your files

Step 9: Test if the decryption works properly

When running the tool for the first time, we strongly advise you to do a test decryption. Do the following:

  • Click “Select file” button in the “Single File Decryption” box and select one file you want to decrypt;
  • Enter the IV from the webpage into the IV box;
  • Enter the key from the webpage into the key box;
  • Click “Start” button.

Verify whether the newly created file is properly decrypted.

Step 10: Decrypt all files stolen by CoinVault

If everything was okay in step 9, then you can recover all your files at once. To do that select the file list from step 3, enter IV and key and click start. You can select “Overwrite encrypted file with decrypted contents” if you want.

Recover your files stolen by #CoinVault #ransomware. Free of charge

Tweet

If you received multiple IVs and keys when you entered your Bitcoin wallet address, please be very careful. At the moment we are not 100% sure where the multiple IVs and keys for one Bitcoin wallet come from. In this case, we strongly recommend leaving the “Overwrite encrypted file with decrypted contents” box unticked. If something goes wrong with the decryption you can try another IV+key pair until the file is successfully decrypted.

If you didn’t receive the IV and key at all, you should wait and check https://noransom.kaspersky.com. The investigation is ongoing, and we will add new keys as soon as they are available.


Source: kaspersky.com

Translate this article

TAGGED: Malware, Microsoft, RC4, Security, Software, Threats
Vitus White October 13, 2022 October 7, 2022
Share This Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Cloudflare now uses post-quantum cryptography to talk to your origin server
Cloudflare now uses post-quantum cryptography to talk to your origin server
Apps 9 hours ago
Privacy-preserving measurement and machine learning
Privacy-preserving measurement and machine learning
Apps 9 hours ago
Encrypted Client Hello – the last puzzle piece to privacy
Encrypted Client Hello – the last puzzle piece to privacy
Apps 9 hours ago
Beware of scammers! Dangerous apps in the App Store
Threats 9 hours ago
How to enable extensions for Google Bard AI
News 10 hours ago

You Might Also Like

Cloudflare now uses post-quantum cryptography to talk to your origin server
Apps

Cloudflare now uses post-quantum cryptography to talk to your origin server

9 hours ago
Privacy-preserving measurement and machine learning
Apps

Privacy-preserving measurement and machine learning

9 hours ago
Encrypted Client Hello – the last puzzle piece to privacy
Apps

Encrypted Client Hello – the last puzzle piece to privacy

9 hours ago
Threats

Beware of scammers! Dangerous apps in the App Store

9 hours ago
Show More

Related stories

How to upgrade to Windows 11 23H2 with Installation Assistant
How to install September 2023 update with 23H2 features for Windows 11
Critical Vulnerability in Forminator Plugin
How to get the latest Windows 11 innovations
How to blur image background in Photos for Windows 11
How to download official Windows 11 23H2 ISO file
Previous Next

10 New Stories

Reminder: Enable two-factor authentication wherever you have it. This business
​​Know exactly when your data is transferred to GoogleIn a world where our data is permanent
​​Fake correspondence with the iPhone interfaceIn a world where digital communication is
​​Let's find out who is watching your Instagram stories from a fake Have you ever wondered
Window 11 Copilot: 10 Best tips and tricks
How To Limit Login Attempts on WordPress (+ Should You?)
Previous Next
Hot News
Cloudflare now uses post-quantum cryptography to talk to your origin server
Privacy-preserving measurement and machine learning
Encrypted Client Hello – the last puzzle piece to privacy
Beware of scammers! Dangerous apps in the App Store
How to enable extensions for Google Bard AI
10alert.com10alert.com
Follow US
© 10 Alert Network. All Rights Reserved.
  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?