{"id":9886,"date":"2015-09-17T09:00:32","date_gmt":"2015-09-17T13:00:32","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=9886"},"modified":"2020-02-26T11:03:01","modified_gmt":"2020-02-26T16:03:01","slug":"criminals-behind-the-coinvault-ransomware-are-busted-by-kaspersky-lab-and-dutch-police","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/criminals-behind-the-coinvault-ransomware-are-busted-by-kaspersky-lab-and-dutch-police\/9886\/","title":{"rendered":"Criminals behind the CoinVault ransomware are busted by Kaspersky Lab and Dutch police"},"content":{"rendered":"

On Monday 14, September, the Dutch police arrested two young men<\/a>, 18 and 22 years old, from Amersfoort, the Netherlands. The duo is suspected of attacking users PCs with the CoinVault ransomware. Since May 2014, the malware has targeted people in more than 20 countries, locking their devices and demanding ransom for bringing files back to the owners. The majority of victims had been registered in the Netherlands, Germany, USA, France and the UK.<\/p>\n

Since 2014 Kaspersky Lab has tracked the evolution of CoinVault<\/a> malware and collaborated with the National High Tech Crime Unit (NHTCU) of the Dutch police. The malware samples had flawless Dutch phrases throughout the binary code. As Dutch is a relatively difficult language to write without any mistakes, our specialists suspected the Dutch connection from the very beginning \u2014 And they were right!<\/p>\n

In November 2014 Kaspersky Lab and Dutch police launched noransom.kaspersky.com<\/a>, a tool that could be used to restore files encrypted by the CoinVault ransomware. It was the working alternative for victims<\/a> who either had to pay a ransom to the criminals or lose their files forever.<\/p>\n

\n

Learn how to remove CoinVault ransomware and restore your lost files \u2013 http:\/\/t.co\/OB02O372Yy<\/a> pic.twitter.com\/QjwzvIdKnz<\/a><\/p>\n

\u2014 Kaspersky (@kaspersky) April 17, 2015<\/a><\/p><\/blockquote>\n