CoinVault: another ransomware variant

Ransomware is a malicious program that infects your equipment and gives cybercriminals the ability to remotely lock your PC, encrypt your files, and control all information stored on the user's machine. It also displays a pop-up window with instructions on how to pay the attacker and remove the virus.

Any malware may have several variants that add functionality or new, more complex features to improve infection. This week, TrendMicro security researchers posted about a new variant of the crypto-ransomware virus that encrypts user files and allows cybercriminals to control systems and lock these files.

The new variant is called CoinVault. It allows the attacker to connect to the victim's machine to gather sensitive information and encrypt files with strong keys; the files can be decrypted only with a private key owned by the attackers. CoinVault displays a new message and allows the user to decrypt only one file for free.

 CoinVault image on infected system by TrendMicro

One of the changes in this variant is the use of AES-256 instead of AES-128. CoinVault is not the only variant published: there are two more variants of the same malware, and they ask victims to write an email to a certain user in order to recover the files.

The response to this email includes instructions and a payment method for decrypting the files, which will cost about 500 USD. If the user does not pay to recover the files, the documents are going to be destroyed in 24 hours. According to TrendMicro, the largest number of infected users is located in the US.

Some security rules to protect against malware are:

  1. Regularly update your operating system and the applications you use, including the web browser.
  2. Install a good antivirus product and always update it.
  3. Do not open emails or files from unknown sources.
  4. Avoid visiting insecure pages or viewing suspicious content.
