To check to see if Kaspersky was able to recover your decryption key, go to the site https://noransom.kaspersky.com/ and enter the bitcoin address that is displayed in the CoinVault program. Once you enter the Bitcoin address, the site will search through the decryption key database and check to see if they have your key. If the site is unable to find your bitcoin address it will state Currently we do not have any records for this Bitcoin wallet.. Otherwise it will show the IV code and key that is associated with your bitcoin address. You will need this information to decrypt your files using their decryption application.
If you are able to retrieve your information, you should download Kaspersky's CoinVault Decryptor and enter in the IV code and Key that the site displayed. You can then either decrypt an individual file or all of your encrypted files. If you wish to decrypt all of your encrypted files, you need to browse to the filelist.txt file that contains a list of all your encrypted files. This file is usually located at %AppData%\Microsoft\Windows\filelist.txt.
Once you are ready to decrypt your files, click on the Start button. After performing the mass decryption process utilizing the filelist.txt list, if there are any data files still encrypted you can use the tool to decrypt those leftover files individually. If there are many files leftover, you can enter their paths into a text file and use that file as your encrypted file list.
Kaspersky provides instructions on how to use the program, but unfortunately it does not address some issues. For example, if the CoinVault program is unable to access the Command & Control server, it will not make itself visible. Therefore, you may be unable to access your bitcoin addresses. Furthermore, if you are not able to access the GUI for the ransomware, you cannot use the instructions for exporting the file list. If you know your CoinVault bitcoin address, you can access the file list using the path described above.