In any industry, competitors try to sabotage each other so that their product is the only one on the market. This “rule” applies in the cyberworld too, and sometimes the victims are the ones who get lucky. That appears to be the case with the Chimera crypto ransomware. According to a post, a couple of days ago the crooks behind the Mischa ransomware published what are supposed to be the decryption keys for their rival Chimera.
“Earlier this year we got access to big parts of their development [sic] system, and included parts of Chimera in our project. Additionally we now release about 3500 decryption keys from Chimera,” the Mischa developers posted to Pastebin.
If this is true, the Mischa gang not only plagiarized Chimera’s code for their own project but also wrecked all of their rival’s work by publishing the secret keys for recovering Chimera’s encrypted files.
In December, researchers from Malwarebytes discovered that Chimera’s tactic was slightly different from that of the usual ransomware. The witty ransomware doesn’t just encrypt users’ files and demand a ransom for their recovery. It also threatens to publicly expose them in plaintext if the victims decide not to pay up. There is no proof yet that Chimera would actually do that, but the tactic is crafty enough to panic its victims. They may have decided to let go of all their encrypted data, but the thought of it being published online will surely make them reconsider.
If the keys are not just another cybercriminal scam and they actually work, a lot of people’s data held hostage by Chimera will be recovered. However, this doesn’t help Mischa’s victims much. Moreover, Mischa is bundled with another crypto ransomware called Petya, and their targets are not lucky enough to receive the decryptor keys they need.
“Checking if the keys are authentic and writing a decryptor will take some time,” Malwarebytes researchers blogged. “But if you are a victim of Chimera, please don’t delete your encrypted files, because there is a hope that soon you can get your data back.”