In the 14 months following the advent of Cryptolocker, there has been a rash of malware copycats that also use strong cryptography to encrypt contents of hard drives until victims pay a hefty ransom, almost always in bitcoins. Usually, they're little more than old wine in a new bottle, but the latest follow-on has tried a new tack: it allows victims to recover exactly one of the encrypted files for free.
Dubbed Coinvault, it was documented Friday by a researcher from antivirus provider Webroot. It allows victims to pick any encrypted file on their hard drive and get it back immediately, free of charge. To decrypt the remaining files, a victim must pay a ransom of 0.5 bitcoins, or about $200 at current exchange rates.
"What’s unique about this variant that I wanted to share with you all is that this is the first Encrypting Ransomware that I've seen which actually gives you a free decrypt," Webroot's Tyler Moffitt wrote in a blog post. "It will let you pick any single file that you need after encryption and will decrypt it for you."