|Short Description||This is said to be the upgraded version of Cryptographic Locker. The noticeable differences are the GUI and the wallpaper. It uses an additional encryption standard compared to its predecessor.|
|Symptoms||It is easy to tell whether you are infected with CoinVault: you will see an image like that depicted|
|Distribution Method||Spam email.|
CoinVault is part of the Cryptographic Locker family. Unlike other ransomware, the infection does not rely on a website for making the payment and downloading the decrypter; the decryption and payment system are built into the malware executable. Once the system is infiltrated, the malware scans the victim's computer for data files and starts to encrypt them using AES. The cost of decrypting the encrypted files may be up to 0.7 bitcoins, and it will double if the ransom is not paid within 24 hours.
While scanning the victim’s device, the CoinVault ransomware searches for specific files such as those given below.
Once the files are encrypted, the encrypted files are stored in the temp data location.
The list of files that CoinVault tried to encrypt can be found in the following location.