Decrypt Files Encrypted by Chimera Ransomware

A ransomware infection named after the mythical beast Chimera was spotted by ESG malware researchers encrypting vital documents, pictures, videos, audio files and other files on the computers it infects. The Chimera virus also deletes the backups of those files and asks its victims to pay a ransom fee for the files. The payoff amount asked by Chimera is reported to be around 1 BTC, and the virus also threatens to publish the user's pictures and videos online. Fortunately, Kaspersky researchers have released a decryptor for Chimera ransomware that may decrypt your files. Read on to learn how to work with the decrypter and, hopefully, restore your files to a working state.

Chimera Ransomware – Background

This particular strain of ransomware infected victims back in 2015 through massive spam campaigns, especially via e-mail. The spam messages were reported to possibly have the following types of files as e-mail attachments:

→ .docx, .jpg, .bat, .cmd, .exe, .pdf, .vdi, .txt

In addition, the attachments may have been packed together with legitimate files in a .ZIP or .RAR archive to make the message seem legitimate. After the malicious files were opened, the ransomware immediately started encrypting files.

After encryption, the Chimera ransomware left the following ransom note on infected computers to notify the user that he or she must pay the ransom:

[Image: Chimera ransomware ransom note]

Users were left with no option but to pay the ransom money or wait until a decryptor is released. Thankfully now, there has been an actual release of a decryptor, by Kaspersky researchers who have updated their Rakhni Decrypter to decode files encrypted by Chimera ransomware.

Chimera Ransomware – Removal and Decryption Tutorial

To give you the best instructions, we have decided not to limit you solely to the decryption of this virus. In case your computer is infected with Chimera, you should remove it before decrypting your files. This is why we have separated the process into two phases: removal and decryption. In case you have already removed the virus, you can skip to phase two and go directly to the decryption instructions:

Phase 1 – Removal

To remove Chimera ransomware, please follow the removal instructions below. In case you are having difficulties in manually removing Chimera, please use the Automatic Removal Instructions.

Manually delete Chimera from your computer

Note! Important notification about the Chimera threat: Manual removal of Chimera requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Chimera files and objects
2. Find malicious files created by Chimera on your PC
3. Fix registry entries created by Chimera on your PC

Automatically remove Chimera by downloading an advanced anti-malware program

1. Remove Chimera with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by Chimera in the future

Phase 2 – Decryption

After having removed Chimera from your computer, you should prepare your computer so that it does not shut down automatically during decryption, since this process may take some time. To do this, please follow these instructions:

1. Click once on the power icon (battery icon) in your system tray, located next to your clock in the bottom right. After this, a menu will appear; on it, click on More Power Options.
2. After the Power Options menu shows up, click on Change Plan Settings to open the settings.
3. In there, make sure you set everything from “Turn off the display” to “Put Computer to Sleep” in all modes to “Never”.
4. Now go to “Change Advanced Plan Settings”, expand the “Hard Disk” setting in the list and set its settings to “Never” as well.
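The same preparation can be scripted with the built-in `powercfg` tool. This is an added example, not part of the original guide or of Kaspersky's tooling; the backup file name is an assumption, and a timeout of 0 corresponds to “Never”.

```powershell
# Added example: scripted equivalent of steps 1-4 above.

# Save the active power plan first so the original timeouts can be restored later.
$active = "$(powercfg /getactivescheme)"
if ($active -match '([0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})') {
    $schemeGuid = $Matches[1]
} else {
    throw "Could not read the active power scheme GUID from: $active"
}

# Hypothetical backup location for the exported plan.
$backupFile = Join-Path $env:TEMP 'power-plan-before-decryption.pow'
if (Test-Path -LiteralPath $backupFile) { Remove-Item -LiteralPath $backupFile }
powercfg /export $backupFile $schemeGuid
if ($LASTEXITCODE -ne 0) { throw "Could not export power scheme $schemeGuid" }

# Display, sleep and hard disk timeouts, for both AC (plugged in) and DC (battery).
$settings = 'monitor-timeout', 'standby-timeout', 'disk-timeout'
foreach ($name in $settings) {
    foreach ($source in 'ac', 'dc') {
        powercfg /change "$name-$source" 0      # 0 = never
        if ($LASTEXITCODE -ne 0) { throw "powercfg failed for $name-$source" }
    }
}

Write-Output "Timeouts disabled. Original plan saved to $backupFile"
# After decryption, re-import the saved plan with 'powercfg /import' and
# activate it with 'powercfg /setactive'.
```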

After you have prepared yourself, please follow these steps to start decrypting files:

Step 1: Download Kaspersky’s Rakhni Decryptor which supports Chimera Ransomware by clicking on the button below and saving it to your computer:

Download

Kaspersky Rakhni Decryptor

Step 2: Open the executable file and click on the Start Scan button:

[Screenshot: Start Scan button]

Step 3: Choose a file from the file explorer pop-up that will appear and click on Open. Make sure to choose a file that is smaller in size.

[Screenshot: selecting an encrypted file]

Now, the decryption process for your keys will begin. This may take from minutes to days, so please be patient. You will see a pop-up notifying you if a decryption has been successful or not.

[Screenshot: decryption in progress]

Chimera Ransomware – Conclusion
Make sure to try this process on a safe computer. In addition to that, make sure to also back up the encrypted files, just in case they contain defensive mechanisms that break the files when you attempt to decrypt them.
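One way to make that backup verifiable before running any decryptor is to copy the encrypted files to separate storage and record a SHA-256 hash for each. This is an added example, not part of the original guide; the function name, the paths in the usage comment and the manifest file name are assumptions, and the destination must lie outside the source folder.

```powershell
# Added example: copy encrypted files to a backup location, verify each copy by
# SHA-256, mark the copies read-only and write a manifest for later comparison.
function Backup-EncryptedFiles {
    param(
        [Parameter(Mandatory)] [string]$Source,       # folder holding the encrypted files
        [Parameter(Mandatory)] [string]$Destination,  # e.g. an external drive, outside $Source
        [string]$Filter = '*'                          # narrow to the encrypted extension if known
    )
    $ErrorActionPreference = 'Stop'
    $sourceRoot = (Resolve-Path -LiteralPath $Source).Path.TrimEnd('\')
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null

    $manifest = @(foreach ($file in Get-ChildItem -LiteralPath $sourceRoot -Recurse -File -Filter $Filter) {
        # Recreate the relative folder structure under the destination.
        $relative = $file.FullName.Substring($sourceRoot.Length + 1)
        $target   = Join-Path $Destination $relative
        New-Item -ItemType Directory -Path (Split-Path $target -Parent) -Force | Out-Null
        Copy-Item -LiteralPath $file.FullName -Destination $target

        # Hash both sides so a truncated or failed copy is caught immediately.
        $before = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $after  = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
        if ($before -ne $after) { throw "Copy of '$relative' does not match the original" }

        # Read-only copies are harder to overwrite by accident during recovery.
        Set-ItemProperty -LiteralPath $target -Name IsReadOnly -Value $true
        [pscustomobject]@{ Path = $relative; SHA256 = $after; Length = $file.Length }
    })

    if ($manifest.Count -eq 0) { Write-Warning "No files matched '$Filter' under $sourceRoot" }
    $manifest | Export-Csv -Path (Join-Path $Destination 'manifest.csv') -NoTypeInformation
    $manifest
}

# Usage with constructed paths:
# Backup-EncryptedFiles -Source 'C:\Users\me\Documents' -Destination 'E:\chimera-backup'
```

If decryption damages a file, the matching read-only copy can be restored and its hash checked against `manifest.csv` before trying again.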

We also recommend to anyone affected by this ransomware to learn how to protect their data in the future by reading the below-mentioned related article:

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
