Chimera Crypto-Ransomware Wants You (As the New Recruit)

Jack

Victim or potential business partner?

That’s the question raised by the crypto-ransomware named Chimera (Ransom_CRYPCHIM.A). At first glance, it might seem like your typical crypto-ransomware. However, there are three things that make Chimera stand out.

Online Extortion

The first is the threat of exposure: Chimera not only encrypts files, it also threatens to post them online if the ransom isn’t paid. This is the first time we’ve seen any crypto-ransomware threaten to publicly release data that they’ve encrypted in the first place.

Figure 1. The malware has two versions of the ransom note, written in German and English

This threat, of course, adds more incentive for any victim to pay the ransom. After all, encrypted files can be recovered, thanks to backup files. However, there is no clear, easy remedy to data leakage.

Our analysis reveals that despite the threat, the malware has no capability of siphoning the victim’s files to a command-and-control (C&C) server. The only information it sends to its server is the generated victim ID, Bitcoin address, and private key.

Affiliate Program

The ransom note also contains another interesting proposition for victims. At the bottom of the note, it states that users should “take advantage of [their] affiliate program,” with more details in the source code of the file. The latter is clearly a way to sift out people with technical skills.

Figure 2. Invitation to the affiliate program

Looking at the disassembled code, there actually is an address on how to contact them in case you are interested in joining them. The address is a Bitmessage address; Bitmessage is a legitimate peer-to-peer communications protocol used to send encrypted messages and mask the receiver and sender.


Read more: Chimera Crypto-Ransomware Wants You (As the New Recruit) | Security Intelligence Blog | Trend Micro
 
