
Chimera: A New Ransomware Variant Threatens to Publish Sensitive Data


7 replies to this topic

#1 White Hat Mike

White Hat Mike

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:::1
  • Local time:11:23 PM

Posted 03 November 2015 - 04:41 PM

Note: Chimera has been found targeting users in Germany

 

A new ransomware variant dubbed Chimera not only encrypts the infected device's local file system, as well as any network shares that device can reach, but it also threatens to publish sensitive information stolen from the infected file system online if the victim does not pay up.  While these claims are more than likely empty threats, as combing through the encrypted file system for sensitive data is a daunting task that usually isn't worth it, it is interesting to see a ransomware variant include personal threats natively within their ransom notes.

 

http://securityaffairs.co/wordpress/41688/cyber-crime/chimera-ransomware-targets-germany.html


Edited by White Hat Mike, 03 November 2015 - 04:41 PM.

Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com



 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 PM

Posted 06 November 2015 - 08:22 AM

Another article on Chimera on ArsTechnica, which presents how cryptoware is now evolving to make sure that the victims will pay the ransom.

Booming crypto ransomware industry employs new tricks to befuddle victims

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:23 AM

Posted 15 November 2015 - 08:02 AM

And even if they manage to find sensitive data and publish it, then enough people have to be interested to read it. Otherwise there's no real threat.


Edited by Didier Stevens, 15 November 2015 - 08:03 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:23 PM

Posted 17 November 2015 - 03:38 PM


More information in this BC news topic: Chimera Ransomware uses a Peer-To-Peer Decryption Service
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:23 PM

Posted 26 July 2016 - 11:22 AM

Good news: the keys for Chimera were leaked.

https://twitter.com/hasherezade/status/757969753822662657

 

A decrypter will most likely be in the works soon.

 

Note that if your files have ".crypt" appended, there is a chance it is also CryptXXX if you were infected in 2016. Chimera only affected victims primarily at the end of 2015, so if you were infected then and have your files, just hold onto them and wait for a released decrypter. :)


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 PM

Posted 26 July 2016 - 11:24 AM

That's awesome news! Thanks for letting us know Demon :)



#7 thyrex

thyrex

  • Members
  • 586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belarus
  • Local time:06:23 AM

Posted 28 July 2016 - 11:34 AM

Kaspersky Lab added decryption to RakhniDecryptor 1.16.0.0 (information is on the page with the description in Russian)


Microsoft MVP 2012-2016 Consumer Security

Microsoft Reconnect 2016


#8 Amigo-A

Amigo-A

  • Members
  • 583 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:08:23 AM

Posted 31 July 2016 - 11:52 AM

 RakhniDecryptor 1.16.0.0 + other lang



Edited by Amigo-A, 31 July 2016 - 11:55 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.




