What is CoinVault?

CoinVault is a new data encryption program associated with the CryptoGraphic Locker malware. The CoinVault malware gets onto the computer unnoticed and encrypts various files. It then displays a ransom warning, according to which the user has to pay a certain amount of money in order to regain access to the system. If you do not have backups of your data, you cannot regain access to it. Moreover, our team advises you against paying the ransom because nobody can assure you that you will be provided with the decryption key, the so-called private key. If you have recently backed up your files, remove CoinVault from the computer and then restore your files to the computer.

How does the CoinVault malware work?

Once installed, the CoinVault malware makes some changes in the Windows registry so that it runs every time the system starts up. Furthermore, the infection scans the system and encrypts a great variety of files, including .doc, .gif, .xlsm, .docx, .eps, and many others. In order to provide the user with instructions on how to regain access to his/her files, the infection changes the desktop wallpaper and displays a ransom warning which explains why the user has lost access to the data. Below you will find an excerpt from the CoinVault warning:

The encryption was done with a unique generated encryption key (AES-128).
The only way to decrypt your files, is to obtain your private key and IV.

The warning shows that the user has to pay a fee of 0.7 bitcoins, which approximately equals €207. Once the infection gets on the PC, a countdown clock starts counting down the time left until the ransom sum increases. Additionally, the user of the compromised computer is offered a chance to decrypt one file without any fee.

Unlike other ransomware infections based on the encryption technology, CoinVault does not use a separate decryption website but operates as a payment system. Moreover, the CoinVault malware installs a program named LiveContractView which enables the remote attacker to provide the victim with the decryption key when the payment is made.

The good news about the CoinVault malware is that it may be possible to restore your data using Shadow Volume Copies. If System Restore is enabled on the computer, it means that a service called Shadow Copy, also known as Volume Snapshot Service, creates snapshots of your files and volumes. The snapshots available to you may not be the last versions of the files; nevertheless, you should continue trying to restore your data.
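A read-only triage check for the two points above (startup persistence in the registry and recovery from shadow copies), added here as an example and not taken from the original article. The article does not name the registry values CoinVault writes, so the standard Run/RunOnce keys and the user-writable-path heuristic used below are assumptions.

```powershell
# Added triage example (not from the original article). Run from an elevated prompt.
# Assumption: the article does not name the registry values CoinVault writes, so this
# reviews the standard Run/RunOnce autostart keys rather than one specific entry.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristic (assumption): autostart commands launched from user-writable
# folders deserve a closer look. This is a review flag, not a verdict.
$userWritable = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

$autostarts = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        # GetValue expands %VARIABLES% in REG_EXPAND_SZ data, so the regex sees real paths.
        $command = [string]$item.GetValue($name)
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $command
            Review  = $command -match $userWritable
        }
    }
}
$autostarts | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap

# List existing Volume Shadow Copy snapshots, newest first, to see whether
# any snapshot predates the encryption before attempting a restore.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy |
    Sort-Object InstallDate -Descending |
    Select-Object ID, VolumeName, InstallDate, DeviceObject

if ($shadows) {
    $shadows | Format-Table -AutoSize -Wrap
} else {
    Write-Warning 'No shadow copies found; restore from backups instead.'
}
```

The script changes nothing on the system; it only lists autostart entries and snapshots so they can be reviewed before removal and restore.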

How to remove CoinVault?

When it comes to malware removal, we recommend that computer users rely on a reputable security program because malware removal requires knowledge and skills. Our advice is to use SpyHunter because this program can terminate the infection and, most importantly, safeguard the system against other threats. Removing CoinVault is a must because, after you restore your personal information, it may encrypt new files once again; hence, take immediate action if you want to use the computer and browse the Internet safely.

