Researchers of Botfrei Detected New Variant of Chimera Ransomware

Security researchers of security firm, Botfrei, have detected a new version of the infamous file encrypting ransomware Chimera, which does more than just holding users' files hostage. Softpedia.com reported on 2nd November, 2015, stating that the latest Chimera ransomware combines scareware techniques with encryption of files and target companies.

Currently, this new campaign is only active in Germany, and according to the findings of Botfrei, the ransomware is distributed through scam emails sent to victims which contain a link to a Dropbox Web page. Users visiting this link are infected with the Chimera ransomware.

Users who have the unfortunate fate of clicking the Dropbox link and being victimized with a dose of Chimera have their files encrypted, and are asked to pay a ransom amount of 2.45 Bitcoin ($694/630Euro) to get their files decrypted.

These are all normal operations indicating how ransomware infections work. The twist comes when Chimera shows a message, which warns users that if they don't pay the ransom then their data will be published online besides encrypting files, and holding them to ransom till the victim pays the ransom money.

Security researchers of Botfrei say that they have not observed any real proof of personal files being published anywhere on the Internet. It is quite possible that cyber criminals can steal personal files but even then it is unlikely that someone will actually do such an operation. However, doing so will only expose their anonymity because clues can be left behind for malware researchers to discover and analyze. Also, they publish files online because of storage capacity which are needed for such an activity. In the end, it is yet another method to scare users and compel them to pay.

Botfrei says that Chimera works like other ransomware Trojans. It (referring to Chimera) encrypts important documents, pictures, videos or other files which are valuable to users, and then leaves behind a ransom note demanding a ransom amount. The ransomware is devastating because even when you remove it through anti-virus software, it does not mean that your files will be restored. This is why the best defense against ransomware like Chimera is regularly keeping backups of important data, as concluded by the security firm.

» SPAMfighter News - 11/5/2015