A new crypto-ransomware variant called Chimera has been spotted making the rounds in Germany since September. According to the reports, besides encrypting victims’ data, the ransom note also states that the data would be published on the Internet if the ransom is not paid.
Crypto-ransomware works by encrypting files and asking for payment in return for a decryption key. If this variant works the way it states, Chimera raises the stakes of the extortion scheme by extracting files from affected machines and storing it remotely. Keep in mind that the most important word in the previous statement is “if”.
Chimera is reported to come in the form of false job applications or business offers, which is a common tactic used in social engineering. This email will contain a link to a Dropbox folder where additional information is supposedly stored. A Trojan would immediately start encrypting data once the link is clicked, which changes target files to the extension .crypt not just in local drives, but in connected network drives as well. The ransom fee is 2.45 Bitcoins, which currently amounts to US$694 or €630.
Crypto-ransomware (along with other ransomware schemes) has always worked more like an extortion operation, but is it now moving towards blackmail? So far, the idea of cybercriminals publishing a victim’s data may all be empty threats. The additional threat of posting the data online if the demand isn’t met can simply be a ploy to scare users into paying the ransom.
Chimera has so far shown no technical differences to prove that it’s capable of data extraction. If criminals do put the data online, this makes their anonymity vulnerable to forensic investigation.
Botfrei states that at this point, there hasn’t been any reported case in which the cybercriminals have published the data online. The blog also states that Chimera has yet to release a decryption key after victims have paid the ransom.
In the case of Chimera or any other crypto-ransomware, users are advised to regularly create backups of important files. It is also best to regularly update software, programs, and applications to secure additional protection from these online threats.