Cybersecurity company Webroot has found a new type of ransomware that after it has encrypted all files on an infected system offers to decrypt one file for free. The ransom to be paid for the required decryption key for all other files is increased every 24 hours.
The ransomware called CoinVault infects Windows systems and encrypts documents, archives, pictures, videos and ISO files. The criminals behind the malware claim files are encrypted using the strong AES-256 encryption which currently can't be cracked.
After Coinvault has infected the system and encrypted all files, the malware demands a ransom to be paid in Bitcoin for every file. The malware also offers the user to decrypt one file for free which according to Webroot is a potential loophole to be used for development of a decryption tool.
The user has to pay for every file seperately and payment is offered through an application, while most ransomware redirect their victims to a website. Coinvault raises the ransom every 24 hours making purchasing the decryption key more expensive every day. The malware is hard to remove because it blocks several executables such as anti malware tools. Nevertheless some victims report they are able to restore their files because Coinvault doesn't touch backups created through Volume Shadow Copy.
