A new strain of ransomware is targeting German companies, it is named Chimera and this time crooks don’t limit their extortion scheme to the file encrypting, they are also threatening victims to release sensitive data on the Internet.
The attack vector exploited by Chimera is the email, bogus emails are sent to the company employees to offer them a job or to apply for a job position. The malicious emails include a link to a Dropbox address, the messages try to trick employees into visiting the link claiming additional information.
When victims click on the link they download the Chimera ransomware that once installed encrypts user data present on the local system and on network connected drives. The ransomware displays victims the following message:
Victims need to pay 2.45 Bitcoin (around €630/$694) to decrypt the files. If the victims will not pay the ransom, the crooks will publish stolen data along with their name, on the Internet.
The researchers at Botfrei, who first spotted the malware, confirmed that here is no evidence that cyber criminals have leaked online the stolen data.
“There is so far no evidence or information whether the criminals have stolen from affected systems or are already published on the Internet personal information!” states a blog post published on Botfrei.
It is likely that the criminals have no ability to exfiltrate the encrypted data, that is expected to have a significant volume.
“Another problem with the edentulous threat posed by this ransomware is that the implication of a threatened personal information disclosure would assume that someone is combing through the files for that personal information,” explained the InfoSec analyst Bob Covello.
“This is a level of involvement that most ransomware criminals do not want to broach. Ransomware is designed for a quick payday for the criminals with little interaction with the victim.”
The primary defense against ransomware is to have the an updated backup of most important documents.
(Security Affairs – ransomware, Chimera)