According to a German website, there is a new strain of ransomware dubbed Chimera that also threatens to publish personal data on the Internet.
A new strain of ransomware is targeting German companies, it is named Chimera and this time crooks don’t limit their extortion scheme to the file encrypting, they are also threatening victims to release sensitive data on the Internet.
The attack vector exploited by Chimera is the email, bogus emails are sent to the company employees to offer them a job or to apply for a job position. The malicious emails include a link to a Dropbox address, the messages try to trick employees into visiting the link claiming additional information.
When victims click on the link they download the Chimera ransomware that once installed encrypts user data present on the local system and on network connected drives. The ransomware displays victims the following message:
Victims need to pay 2.45 Bitcoin (around €630/$694) to decrypt the files. If the victims will not pay the ransom, the crooks will publish stolen data along with their name, on the Internet.
The researchers at Botfrei, who first spotted the malware, confirmed that here is no evidence that cyber criminals have leaked online the stolen data.
“There is so far no evidence or information whether the criminals have stolen from affected systems or are already published on the Internet personal information!” states a blog post published on Botfrei.
It is likely that the criminals have no ability to exfiltrate the encrypted data, that is expected to have a significant volume.
“Another problem with the edentulous threat posed by this ransomware is that the implication of a threatened personal information disclosure would assume that someone is combing through the files for that personal information,” explained the InfoSec analyst Bob Covello.
“This is a level of involvement that most ransomware criminals do not want to broach. Ransomware is designed for a quick payday for the criminals with little interaction with the victim.”
The primary defense against ransomware is to have the an updated backup of most important documents.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.