From Webroot comes a report of a new piece of ransomware called CoinVault. CoinVault works in much the same way as earlier ransomware such as CryptoLocker: it encrypts the user's files and then demands that the user pay a ransom in bitcoin to reclaim them. Where CoinVault differs from other ransomware is that it offers the user the choice to decrypt one file for free. The CoinVault ransom note states:
Your personal documents and files on this computer have just been encrypted. The original files have been deleted and will only be recovered by following the steps described below. Click on "View encrypted files" to see a list of files that got encrypted.
The encryption was done with a unique generated encryption key (using AES-256). This means the encrypted files are of no use until they get decrypted using a key stored on a server.
This server will only release this key if the amount of Bitcoins (displayed left of this windows) is send to the Bitcoin address underneath this windows.
Each time the time hits zero, the total costs will raise with the start price.
After the purcase is made, please wait a few minutes for confirmation of the bitcoins. You can check whether the Bitcoins are confirmed with the 'check payment and receive keys' button. After payment and confirmation, your keys will appear in the textboxes. After that, you simply click 'decrypt using keys'. Your files will be decrypted and restored to their original location.
You can decrypt one file for free, using the 'One free decrypt' button.
You can easily delete this software, but know that without it, you will never be able to get your original files back.
For more information on how to buy and send bitcoin, click 'How to pay'.
The Webroot article includes a screenshot showing the address 1LN8carm8kZqaE2gY25UooA3zcSC7N7DtQ. The address does not contain a balance, which might suggest that CoinVault generates a new one for each infection.