CoinVault

One example of the CoinVault variant. Image Source: Bleeping Computer

One example of the CoinVault variant.

Image Source: Bleeping Computer

CoinVault is part of the CryptoGraphic Locker ransomware family and targets Windows OS. It spreads via spam emails containing infected .zip file attachments disguised as PDF files. Files encrypted by CoinVault gain a .clf extension. It allows victims to decrypt one file for free as the decryption function is included in the executable file. Victims impacted can find a list of encrypted files labeled “CoinvaultFileList.txt” in their infected system’s temp folder.

  • Bleeping Computer provides more information about CoinVault, found here.
     
  • Security firm Kaspersky Labs offers a tool to decrypt files encrypted by CoinVault, available here.