Chimera ransomware keys leaked by rival malware developers

July 29th, 2016 by Mark Daly in Industry News

The operators behind the Petya and Mischa double-pack of ransomware trouble have been busy entrepreneurs this week, delivering a one-two punch to the competition.

One of those punches was to offer the two variants via Ransomware-as-a-Service (RaaS) so that any wannabe crook can become an official distributor.

The second punch: purportedly skewering a rival gang by releasing about 3,500 RSA private keys allegedly corresponding to systems infected with the ransomware Chimera.

On Tuesday, the operators posted those keys onto Pastebin, saying that this should enable someone to create decryptors for this older ransomware.

Here’s what the Mischa developers had to say:

Earlier this year we got access to big parts of their deveolpment [sic] system, and included parts of Chimera in our project.

Additionally we now release about 3500 decryption keys from Chimera.

Unfortunately, it’s not time to relax: not by a long shot. Given the new affiliate system, which gives participants a chance to distribute the malware for a chunk of the profits, the RaaS variants are poised to be spread far and wide.

Lawrence Abrams, the founder of tech support forum

Unfortunately, this will most likely lead to a greater amount of distribution campaigns for this ransomware.

What to do?

We regularly offer advice on preventing (and recovering from) attacks by ransomware and other nasties.

Here are some links we think you’ll find useful:

Copyright: Sophos Naked Security
