CoinVault is a new ransomware from the same family as CryptoGraphic Locker. Once infected, CoinVault will encrypt all of your data files and then demand a .7 bitcoin ransom to decrypt your files. If you do not pay the ransom within 24 hours, the ransom price will increase. It is strongly advised that you do not pay the ransom and instead try to restore your files from backups or Shadow Volume Copies.
When you become infected with CoinVault it will configure itself to start automatically when you login to Windows by setting an autostart in the Registry called Vault. The application will then scan your drives for data files and encrypt any that are detected. It will store the path to each file it encrypts in the %Temp%\CoinVaultFileList.txt file. The file extensions that CoinVault targets are:
.odt, .ods, .odp, .odm, .odc, .odb, .doc, .docx, .docm, .wps, .xls, .xlsx, .xlsm, .xlsb, .xlk, .ppt, .pptx, .pptm, .mdb, .accdb, .pst, .dwg, .dxf, .dxg, .wpd, .rtf, .wb2, .mdf, .dbf, .psd, .pdd, .pdf, .eps, .ai, .indd, .cdr, .dng, .3fr, .arw, .srf, .sr2, .mp3, .bay, .crw, .cr2,.dcr, .kdc, .erf, .mef, .mrw, .nef, .nrw, .orf, .raf, .raw, .rwl, .rw2, .r3d, .ptx, .pef, .srw, .x3f, .lnk, .der, .cer, .crt, .pem, .pfx,.p12, .p7b, .p7c, .jpg, .png, .jfif, .jpeg, .gif, .bmp, .exif, .txtWhen it has finished encrypting your data it will then display a ransom screen that explains how you can pay a ransom to decrypt your files. Each infected user will also be assigned a different bitcoin address to make it harder to monitor payments for this malware. Unlike most other ransomware, CoinVault does not use a decryption site and instead the malware itself acts as the decrypter and payment system. This infection will also terminate almost all executables that are started to make it harder to remove.
Finally, this infection will change your Windows wallpaper to the background below:
The best way to avoid the hassle of any Ransomware is to Back up your files. is to have regular offline or offsite backups. Since file encrypting ransomware goes after all hard drives that are active, including 2nd internal, USB and network
Furry Times 