Crypto-ransomware is one of the latest trends in the world of malware. Encrypting and holding files to ransom provides a way to extort money from victims, but a new example takes things one step further.

Chimera not only locks users out of their files until a ransom is paid, but also threatens to release unencrypted copies of the files online if payment is not made. Security company Trend Micro says this is the first instance of this type of threat. Interestingly, Chimera also seems to be part of an affiliate program.

Infected systems display a warning informing victims that their data will be inaccessible until they cough up the ransom. The incentive that said files will be leaked to the internet is an extra encouragement, particularly for anyone with content they would rather not be associated with. Victims are told:

If you don’t pay your private data, which include pictures and videos will be published on the internet in relation to your name.

In addition to trying to extort money from people, Chimera also acts as a recruitment campaign. The warning screen that lets people know that their computer is infected includes a footnote:

Take advantage of our affiliate-program! More information in the source code of this file.

As Trend Micro notes, this "is clearly a way to sift out people with technical skills". The security firm has examined the source code and determined that it does contain contact details and Bitcoin information for payment. There is also a decryption tool which checks to see whether a Bitcoin payment has been made before freeing up files.

Chimera is being described as Ransonware as a Service (RaaS) because of its recruitment drive component, and this could be the direction in which future ransomware is heading.


Level 44
Content Creator
Malware Hunter
Quote : " The Chimera ransomware campaign has apparently had its life cut short, according to security researchers Lawrence Abrams of Bleeping Computer and Fabian Wosar of Emisoft. They discovered its inactivity, reporting that they were “no longer seeing keys distributed via the Bitmessage client"

...researchers at Bleeping Computer found that it was not in fact possible to publish the user's private files online. Lawrence Abrams, the security company's founder, wrote in a blog post that “even though this is a scary threat, the reality is that Chimera does not have the ability to publish your files anywhere”.

Source : Chimera ransomware not twitching, must be dead


Level 17
What software do you use to do that?
Currently I'm okay using AxCrypt, be aware that you should register at their home page in order to be able to download the installer with no open candy on it, otherwise you should clean it with ESET or either manually unpack it. You can also reject opencady over installation. Just in case you may want to try it, I just sent you a PM with a clean install for both x32 and x64 systems. You can encrypt / decrypt files with explorer integration so it becomes very handy. You can also encrypt files and folders using a password and also with chance to use a passphrase key.


I never get tired of repeating that the backup is the tool that we have to be able to resume our work in the event of a disaster such as a ransomware infection, its functionality has to be a certainty. We must not think that "nothing ever happens". Thankfully, but don't take it for granted.