bitcoin exe virus

UPDATE (17th April 2015 10:36): Kaspersky Lab has added a further 711 decryption keys to its database.

Kaspersky Lab has released a new tool to help free computer files 'held hostage' by bitcoin ransomware. CoinVault, which has infected around 700 computers in the Netherlands, is a strain of malware that demands a rising amount of bitcoin to unlock files it has encrypted. Thanks to Kaspersky's ransomware decrypter, certain victims can now access their files free of charge.

The tool was created after Dutch authorities shared a database of CoinVault's information (including IVs, keys and bitcoin wallets) with the firm as part of an investigation in the country. Jornt van der Wiel, a security researcher at Kaspersky's global research and analysis unit, told CoinDesk that the company hopes to add more decryption keys to its database. He said: "We have uploaded a huge number of keys onto the site, and together with the National High Tech Crime Unit of the Netherlands’ police we are continuously updating the information."

Though Kaspersky and the Dutch authorities uncovered a sizeable chunk of data, users whose keys are not on the list or those who have been targeted by a different strain of ransomware remain locked out. When faced with this dilemma, some victims – including police departments – are choosing to pay up and hope for the best. "As there are few ways to get files back without paying, users often just give in. This is the wrong strategy, but it’s often the easiest for the user," Van der Wiel said.

Additionally, police in the CoinVault investigation argue that payment doesn't always mean you'll get the files back. Rather, this behaviour perpetuates the problem. A translated statement from the department reads: "[Paying] motivates the criminals to continue to use this payment method, and furthermore does not always lead to actual release." Indeed, a 2014 study from security firm ESNET showed that of the 39,760 people who did pay the ransom of a similar virus, Cryptolocker, only 570 were given access to decryption software after making their payment.

As files can be retrieved only if tools like Kaspersky's are created, the best choice, Van der Wiel says, is protection. Users should keep their anti-malware suite updated and make a habit of backing up their most important files, he added.

CoinVault first came to the attention of Kaspersky Lab last November. The virus, which has targeted more than 20 countries, usually gains access to victims' machines via phishing emails or links to malicious websites. Unlike other strains, including Cryptolocker, CoinVault lets victims decrypt one file 'on the house' – perhaps to alleviate worries that documents will remain locked after a payment has been made. After 24 hours the ransom starts to rise.

As the bitcoin address CoinVault provides is "dynamic", it is very complex to trace the funds it receives, said Van der Wiel. CoinVault's creators are keen to protect their product too, he added: "In terms of functionality we have seen similar malicious applications in the past, including 'TorrentLocker' and some PowerShell ransomware. In fact, the amount of effort invested in protecting CoinVault’s code shows that the cybercriminals are leveraging previously developed libraries and functionality in order to avoid reinventing the wheel."

Authorities have not made any arrests in connection with CoinVault, but say they are still investigating the perpetrator, who is believed to be in the Netherlands. Users can find the decryption tool at Kaspersky's website, which also features the company's decryption app and 'how to' guides on the subject.

Several major cryptocurrency exchanges were quick to offer support for the new currency. Zcash got off to a flying start; within the first few hours, 1 ZEC reached $30,000. It should be pointed out, however, that there were only a few dozen coins in existence at that time, so the actual turnover was very low. In the following days, ZEC’s value steadily declined against Bitcoin.

At the time of writing, it had leveled out temporarily at 0.07 – 0.01 ZEC/BTC (around $70). Despite this dramatic drop from the initial values (which was anticipated), Zcash mining remains among the most profitable compared to other cryptocurrencies.

Ranking of cryptocurrency mining profitability, as reported by the CoinWarz website

This has led to the revival of a particular type of cybercriminal activity – the creation of botnets for mining. A few years ago, botnets were created for bitcoin mining, but the business all but died out after it became only marginally profitable. In November, we recorded several incidents where Zcash mining software was installed on users’ computers without permission. Because these software programs are not malicious in themselves, most anti-malware programs do not react to them, or detect them as potentially unwanted programs (PUP). Kaspersky Lab products detect them as not-a-virus:RiskTool.Win64.BitCoinMiner.

Cybercriminals use rather conventional ways to distribute mining software – they are installed under the guise of other legitimate programs, such as pirated software distributed via torrents.

So far, we have not seen any cases of mass-mailings or vulnerabilities in websites being exploited to distribute mining software; however, provided mining remains as profitable as it is now, this is only a matter of time. The software can also be installed on computers that were infected earlier and became part of a for-rent botnet.

The most popular mining software to date is nheqminer from the mining pool Micemash. It has two known variations: one earns payments in bitcoins, the other in Zcash. Both are detected by Kaspersky Lab products, with the respective verdicts not-a-virus:RiskTool.Win64.BitCoinMiner.bez and not-a-virus:RiskTool.Win64.BitCoinMiner.bfa.

All that cybercriminals need to do to start profiting from a mining program on infected computers is to launch it and provide details of their own bitcoin or Zcash wallets. After that, the “coin mining” profit created by the pool will be credited to the cybercriminals’ addresses, from where it can be withdrawn and exchanged for US dollars or other cryptocurrencies.

This is what allows us to ‘snoop’ on some of the wallets used by cybercriminals. Here’s just one example: Using a wallet’s address, we can find out how much money arrived and from which source (i.e. the mining pool) (https://explorer.zcha.in/accounts/t1eVeeBYfPPLgonvi1zk8e9SnrhZdoCBAeM). We see that the address was created on 31 October, just a couple of days after Zcash launched, and payments are still being made to it at the current time.

You may be wondering what happened to the promised anonymity. Actually, there are two types of wallets in Zcash: completely private purses (z-address) and public wallets like that shown above (t-address). At the current time, the completely private wallets are not very popular (they are not supported by exchanges), and are only used to store around 1% of all existing Zcash coins.

We found approximately 1,000 unique users who have some version of the Zcash miner installed on their computers under a different name, which suggests these computers were infected without their owners’ knowledge.

An average computer can mine about 20 hashes per second; a thousand infected computers can mine about 20,000 hashes a second. At current prices, that equals about $6,200 a month, or $75,000 a year in net profits.

Here are just a few real-life examples of the names used by these programs and where they are installed on infected computers: As you can see, the names of many mining programs coincide with those of legitimate applications, but the installation location is different. For instance, the legitimate Windows Task Manager app (taskmgr.exe) should be located in the system folder C:\Windows\System32 and not in C:\system.

To ensure that the mining program is launched each time the operating system starts, the necessary records are added either to Task Scheduler or to the registry auto-run keys. Here are some examples of these records: A couple of detected websites distributing mining programs: Additional DLLs are required for the mining program to work. These DLLs, shown below, are installed along with the mining program.
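
The location check described above (a system file name such as taskmgr.exe running from C:\system instead of C:\Windows\System32), combined with a look at auto-run commands, can be sketched as follows. This is an added example, not code from the article; the baseline table, the function names and the sample inventory are assumptions constructed for illustration.

```python
import ntpath
import re

# Expected directories for a few Windows system binaries. Assumed baseline for
# this example; build the real one from a known-good image.
EXPECTED_DIRS = {
    "taskmgr.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

def normalize(path):
    """Strip quotes, collapse '..' and mixed separators, fold case."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def autorun_target(command):
    """Executable part of an autorun command line (quoted, or first token)."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return normalize(m.group(1) or m.group(2)) if m else ""

def find_masquerades(image_paths, autorun_commands):
    """Return sorted (path, has_autorun) for system names found elsewhere."""
    persistent = {autorun_target(c) for c in autorun_commands}
    hits = set()
    for raw in image_paths:
        path = normalize(raw)
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIRS.get(name)
        if expected is not None and directory not in expected:
            hits.add((path, path in persistent))
    return sorted(hits)

# Constructed sample inventory (not data from the article).
SAMPLE_IMAGES = [
    r"C:\Windows\System32\taskmgr.exe",
    r"C:\system\taskmgr.exe",
    r"C:\WINDOWS\system32\SVCHOST.EXE",
    r"C:/Users/Public/svchost.exe",
    r"C:\Windows\System32\..\..\system\taskmgr.exe",
    r"C:\Program Files\Example\app.exe",
]
SAMPLE_AUTORUNS = [
    r'"C:\system\taskmgr.exe" --example-arg',
    r"C:\Windows\System32\ctfmon.exe",
]

if __name__ == "__main__":
    for path, has_autorun in find_masquerades(SAMPLE_IMAGES, SAMPLE_AUTORUNS):
        print(f"{path}  autorun={has_autorun}")
```

Feed it image paths from a process or file inventory and the command strings exported from Task Scheduler and the registry auto-run keys; unquoted paths containing spaces need a stricter command-line parser than the one used here.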