Home » Alerts » How to Get Rid of CoinVault ransomware and Restore your Files

You cannot do much about if you are a victim of ransomware attack. Cybersecurity companies and police take down command and control servers of ransomware at regular intervals to retrieve information from them. The reason of retrieving this information is that it helps in creating decryption tools to recover users’ folders and files. Very recently, Kaspersky Lab with the cooperation of Dutch cyber-police created such a tool for CoinVault victims.


If you are a victim of CoinVault ransomware attack and looking for instruction on how to get rid of this it and restore your file, go through the below written document:

Step 1: Verify if you are infected with CoinVault?

Firstly you need to make sure that your files are encrypted by CoinVault and not by any another ransomware. The easiest way to know that you are infected with CoinVault, you will find the presence of an image like shown below:


Step 2: Get the Bitcoin wallet address

Copy and save the Bitcoin wallet address that is marked with a black circle on the image above in the bottom right of CoinVault.

Step 3: Get the encrypted file list

You will see a ‘View encrypted filelist’ button in the top left corner of the malware window (marked with blue circle on the image above), click on it and save the output to a file.

Step 4: Install Kaspersky Internet Security Remove CoinVault

To remove CoinVault from your system, visit https://kas.pr/kismd-cvault and download  Kaspersky Internet Security (the trial or paid version). Make sure that you save all information retrieved in steps 2 and 3.

Step 5: Check https://noransom.kaspersky.com

At https://noransom.kaspersky.com, enter the Bitcoin wallet address that you saved in step 2. If your Bitcoin wallet address is known, your screen will display the IVs and Key (you may notice multiple keys and IVs). You may need these keys and IVs later so save them to your computer.


Step 6: Download the decryption tool

Visit https://noransom.kaspersky.com to download the decryption tool. Once it gets download, run it on your computer. If you any error message reflects, as shown below, follow the step 7 otherwise skip that step and proceed to step 8.


Step 7: Download and install additional libraries

Visit http://www.microsoft.com/en-us/download/details.aspx?id=40779 and follow the directions given on the website. Now install the software.

Step 8: Start the decryption tool

Now start the tool that will show a screen like below:


Step 9: Verify if the decryption works properly

It is advised to do a test decryption if you are running the tool for the first time. Follow the following to test the decryption:

  • In the “Single File Decryption” box, click on “Select file” button and select one file that you want to decrypt
  • From the webpage, enter the IV into the IV box
  • From the webpage, enter the key into the key box
  • Click on “Start” button.

Crosscheck that the newly created file is properly decrypted.

Step 10: Decrypt all files locked by CoinVault

If everything seems right in step 9, it is possible to recover all your files at once. To recover all your files, choose the file list from step 3, enter IV and key and click start. If you want, you can also choose “Overwrite encrypted file with decrypted contents”.

Be very careful if you received multiple IVs and keys after entering your Bitcoin wallet address because it is still left to configure that these multiple IVs and keys for one Bitcoin wallet come from where. All that is recommended to you is leave the “Overwrite encrypted file with decrypted contents” box unticked. If anything goes wrong with the decryption you may try decrypting files using another IV+key pair until you decrypt the file is successfully.

Wait for some time and check https://noransom.kaspersky.com if you didn’t receive the IV and key at all. The investigation is on and team is trying to find new keys. As soon as new keys will be found, they will be added.

For any further assistance, you can call the technicians of PCTECH24 to get the expert help if you are facing issues while installing Kaspersky Software.


Avg Technical Support Services 5 Business Cybersecurity Risks That Must not be Overlooked – AVG Support
Kaspersky Antivirus Technical Support How to deal with “Man-in-the-Middle” attack?
Norton Antivirus Customer Support How Norton Support Experts Can Prevent You from Being Prey to Identity Theft?
McAfee Technical Support What are the Weak Spots that Can Impact Your Cloud Security?  
McAfee Technical Support Guidelines to be kept in mind before doing online shopping

Brought to you by SiteJabber

Recent Comments