After three years, CoinVault creators are facing the court

by Lucia Danes - - 2018-07-20

After three years of waiting, CoinVault ransomware is finally in court

CoinVault ransomware creators go to trial CoinVault developers will be sentenced for encrypting users' data and requesting ransomware fees.

After being arrested in September 2015, CoinVault and BitCryptor ransomware creators are waiting for their final sentence which should be announced on the 26th of July. Two brothers from Amersfoort, Netherlands, are blamed for the extortion, theft and computer intrusion, and may face a 12-year sentence in prison.

According to the local press, the prosecution asked for one year in prison as one of the brothers was underage while the crime was committed, but three judges had an agreement to continue with prosecution normally.

With the help of CoinVault ransomware, they infected around 13000 computers^[1] from the United States, Germany, England. However, most of the victims were from the creators' homeland – the Netherlands. At that time, CoinVault was the most advanced ransomware virus which was replaced by BitCryptor after several months. Kaspersky Lab presented the official decryptor in April 2015.^[2]

Hackers revealed themselves because of a bug

Hackers were revealed by Kaspersky lab experts after making a mistake while coding their malware. Because of this bug, experts managed to discover their real names. Right after discovering the flaw, experts made a public post^[3] about their findings. However, even after seeing the post with their names, hackers kept infecting users and collected ransomware fees.

According to Kaspersky Lab, the bug was in the pdb path:

We had a screenshot with one of the suspect’s first name in the pdb path. When we worked with the police on this case they kindly asked us to remove that screenshot (which we did), so that the suspects didn’t realize they made a mistake.

Ransomware developers continued to collect money from their victims and it is believed that they generated over $10000 each from these campaigns. Officially, there are around 1295 people who got infected with CoinVault ransomware. However, Kaspersky Lab's experts had published more than 14 000 decryption keys before this trial even started.

Victims are seeking to gain profit as well

These two young hackers knew all the risks they are up to. However, the desire to gain profit was stronger. At the moment, some of their victims decided to do the same. They have already testified in court as victims and asked for the refund in Bitcoins. Having in mind that Bitcoin's price has grown from hundreds to thousands of dollars in worth, it is more than logical.

As we have mentioned, brothers made over $10000 each from these campaigns. At the time, they had been asking for 1BTC ransom, it is likely that people paid. In three years, Bitcoin price grew from $220 to $6000 in worth.^[4]

About the author

Lucia Danes - Virus researcher

Lucia is a News Editor for 2spyware. She has a long experience working in malware and technology fields.

Contact Lucia Danes
About the company Esolutions

References

^ Catalin Cimpanu. Dutch police have arrested two young men who they suspect of being the authors of the notorious CoinVault ransomware. Softpedia. Security news.
^ The official CoinVault decryptor. Kaspersky lab. Support.
^ Santiago Pontiroli. A nightmare on malware streetA nightmare on malware street. Securelist. Kaspersky Lab's reports.
^ The change in Bitcoin price. Coindesk. The leading crypto asset and blockchain technology community.