A ransomware infection named after the mythical beast Chimera was spotted by ESG malware researchers encrypting vital documents, pictures, videos, audio files and other files on the computers it infects. The Chimera virus also deletes the backup of those files and asks its victims to pay a ransom fee for the files. The payoff amount asked by Chimera is reported to be around 1 BTC, and the virus also threatens to publish the user's pictures and videos online. Fortunately, Kaspersky researchers have released a decryptor for Chimera ransomware that may decrypt your files. Read on to learn how to work with the decrypter and, hopefully, restore your files to a working state.
Chimera Ransomware – Background
This particular ransomware infected victims back in 2015 through massive spam campaigns, especially via e-mail. The spam messages were reported to possibly have the following types of files as e-mail attachments:
→ .docx, .jpg, .bat, .cmd, .exe, .pdf, .vdi, .txt
In addition, the attachments may contain legitimate files packed together with the malicious ones in a .ZIP or .RAR archive to make the process seem legitimate. After the malicious files were opened, the ransomware immediately started file encryption.
After encryption, the Chimera ransomware left the following ransom note on infected computers to notify the user that he or she must pay the ransom:
Users were left with no option but to pay the ransom money or wait until a decryptor was released. Thankfully, Kaspersky researchers have now updated their Rakhni Decrypter to decode files encrypted by Chimera ransomware.
Chimera Ransomware – Removal and Decryption Tutorial
To give you the best instructions, we have decided not to limit this tutorial solely to decryption. In case your computer is infected with Chimera, you should remove it before decrypting your files. This is why we have separated the process into two phases – removal and decryption. In case you have already removed the virus, you can skip to Phase 2 and go directly to the decryption instructions:
Phase 1 – Removal
To remove Chimera ransomware, please follow the removal instructions below. In case you are having difficulties in manually removing Chimera, please use the Automatic Removal Instructions.
Manually delete Chimera from your computer
Note! Important notice about the Chimera threat: Manual removal of Chimera requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.
Automatically remove Chimera by downloading an advanced anti-malware program
Phase 2 – Decryption
After having removed Chimera from your computer, you should prepare your computer so that it does not shut down automatically during decryption, since this process may take some time. To do this, please follow these instructions:
1-Click once on the power icon (battery icon) in your system tray, located next to your clock in the bottom right. A menu will appear; on it, click on More Power Options.
2-After the Power Options menu shows up, click on Change Plan Settings to open the settings.
3-In there, make sure you set everything from “Turn off the display” to “Put Computer to Sleep” in all modes to “Never”.
4-Now go to “Change Advanced Plan Settings”, expand the “Hard Disk” setting in the list and set its settings to “Never” as well.
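The same preparation can be scripted with the built-in Windows powercfg tool. The following is an added example, not part of the original tutorial or of Kaspersky's tool; the backup file name is an assumption, and the hibernate timeout is an addition that steps 1 to 4 do not mention.

```powershell
# Added example: apply the "Never" power settings from steps 1-4 using powercfg.
# If a command reports "access denied", rerun from an elevated PowerShell window.

# Find the GUID of the active power plan (the GUID pattern is locale-independent).
$active = powercfg /getactivescheme
if ($active -notmatch '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}') {
    throw "Could not read the active power plan from: $active"
}
$planGuid = $Matches[0]

# Save the plan as it is now so it can be restored after decryption.
# The file name below is an assumption chosen for this example.
$backup = Join-Path $env:TEMP 'power-plan-before-decryption.pow'
if (Test-Path $backup) { Remove-Item $backup }
powercfg /export $backup $planGuid

# Timeouts to disable. A value of 0 means "Never".
$settings = @(
    'monitor-timeout',    # "Turn off the display"       (step 3)
    'standby-timeout',    # "Put the computer to sleep"  (step 3)
    'disk-timeout',       # "Hard Disk" advanced setting (step 4)
    'hibernate-timeout'   # not in the steps; added so hibernation cannot interrupt the run
)

foreach ($setting in $settings) {
    foreach ($mode in 'ac', 'dc') {   # ac = plugged in, dc = on battery ("all modes")
        powercfg /change "$setting-$mode" 0
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Could not set $setting-$mode to Never"
        }
    }
}

# Show the resulting sleep and hard disk values for a visual check.
powercfg /query $planGuid SUB_SLEEP
powercfg /query $planGuid SUB_DISK

Write-Output "Original plan saved to $backup"
```

Once decryption has finished, the saved plan can be brought back with powercfg /import followed by powercfg /setactive on the imported plan.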
After you have prepared yourself, please follow these steps to start decrypting files:
Step 1: Download Kaspersky’s Rakhni Decryptor which supports Chimera Ransomware by clicking on the button below and saving it to your computer:
Step 2: Open the executable file and click on the Start Scan button:
Step 3: Choose a file from the file explorer pop-up that will appear and click on Open. Make sure to choose a file that is smaller in size.
Now, the decryption process for your keys will begin. This may take from minutes to days, so please be patient. You will see a pop-up notifying you if a decryption has been successful or not.
Chimera Ransomware – Conclusion
Make sure to try this process on a safe computer. In addition to that, make sure to also back up the encrypted files, just in case they contain defensive mechanisms that break the files when you attempt to decrypt them.
We also recommend that anyone affected by this ransomware learn how to protect their data in the future by reading the below-mentioned related article: