We’re all familiar with the Chimera ransomware and its infection methods. However, researchers have detected a new variant of the file-encrypting threat that does more than just hold users’ files hostage. The latest Chimera ransomware combines scareware techniques with file encryption and targets companies. As a result, the user, most likely an employee or the owner himself, is extorted in more than one way. On one hand, his files are encrypted, and on the other, he is threatened that his personal files will be made public if the ransom is not paid on time.
Here’s how the ransom message looks in German:
The recent campaign has been observed spreading in Germany. The bloggers at Botfrei were the first to report the new ransomware strain of Chimera. According to their report, the threat is distributed via emails containing links to a Dropbox page. Once the user lands on that page, he is infected with the malware.
As an inevitable result, the victim’s personal files are encrypted and a ransom is demanded in exchange for their decryption. The amount of the extortion fee is 2.45 Bitcoins, which equals $694 or 630 euros. However, not only are the victim’s files locked, but a warning message is also displayed, threatening that the personal files will be published online if the ransom is not paid.
The Moral Extortion is Just Scareware Tactics
Researchers at Botfrei say that they haven’t observed any real evidence of personal files being published anywhere on the Internet. Even though it’s quite possible that cyber criminals can steal personal files, it’s unlikely that anyone would actually carry out such an operation. Doing so would only endanger their anonymity, since clues can be left behind for malware researchers to discover and analyze. Publishing files online would also require the storage capacity to hold them. In the end, it’s yet another method to scare users and make them pay.
What to Do If You Have Been Targeted by Chimera Ransomware?
We have already analyzed the malicious threat. Like other ransomware Trojans, Chimera encrypts important documents, pictures, videos or other files that are precious to the user, and leaves a ransom note, asking the victim for payment. What is devastating about ransomware is that removing it via anti-malware software doesn’t mean that the files will be restored. This is why the best defense against ransomware such as Chimera is regularly backing up important data.
If you were unlucky enough to get hit by Chimera, follow the instructions in the article below: