Gee THANKS: Cryptoscum offer a free decrypt in latest ransomware racket

Ransomware thieves are taking a leaf from the greasy salesperson's handbook and offering customers victims a free decryption of a file of their choosing, malware researcher Tyler Moffitt says.

Scammers would foist the CoinVault ransomware on victims through a variety of attack vectors and encrypt their files only supplying a key on payment of half a Bitcoin (AUD$223), a fee which increased by about $100 every 24 hours.

The latest version allowed users to pick any file they wished to decrypt in what appeared to be a means to prove the legitimacy of the ransom demand.

"This is a really interesting feature and it gives a good insight into what the actual decryption routine is like if you find yourself actually having to pay them," Moffitt said in a post.

"I suspect that this freebie will increase the number of people who will pay."

The variant also appeared to have ironed out its failure to scrub the volume shadow service which shuttered the victim's ability to restore files without payment.

Vulture South recommends organisations back up critical data regularly, including to air-gapped locations where ransomware cannot reach, possibly in Faraday cage buried deep in the earth. ®