Chimera ransomware targets German SMEs, threatens to leak sensitive data
Tue 3 Nov 2015
A new version of the Chimera ransomware [German] is hounding German firms, attacking corporate Windows systems and threatening to release sensitive information should the target not pay up.
The attack is delivered through fake emails sent via different addresses – mostly from the domain @emialn.de, but not exclusively. The emails are supposedly sent from individuals claiming to be looking for a job or offering a service. The body text contains a malicious link to a Dropbox address with a downloadable file. Once opened, the programme proceeds to encrypt local data as well as content on linked network drives, locking the computer and posting a ransom note.
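The two lure traits the report describes (a sender at the @emialn.de domain and a Dropbox download link in the body) can be turned into a simple mail-screening check. The following is an added example, not code from the article or from Botfrei; the two sample messages are constructed for the demonstration and the indicator lists are assumptions that a defender would extend with their own observations.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators taken from the report: lure mails mostly came from the @emialn.de
# domain and pointed at a downloadable file hosted on Dropbox.
SUSPECT_SENDER_DOMAINS = {"emialn.de"}
FILE_HOST_PATTERN = re.compile(r"https?://(?:www\.)?dropbox\.com/\S+", re.IGNORECASE)


def body_text(msg):
    """Return the decoded text of every text/* part of a parsed message."""
    chunks = []
    for part in msg.walk():  # walk() yields the message itself when not multipart
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def screen_message(raw):
    """Return the reasons a raw RFC 822 message matches the lure pattern (empty list = no match)."""
    msg = message_from_string(raw)
    reasons = []
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain in SUSPECT_SENDER_DOMAINS:
        reasons.append(f"sender domain {domain} seen in campaign")
    links = FILE_HOST_PATTERN.findall(body_text(msg))
    if links:
        reasons.append(f"{len(links)} Dropbox download link(s) in body")
    return reasons


# Constructed sample messages (hypothetical, not real campaign mails).
LURE = "\r\n".join([
    "From: Bewerbung <anna@emialn.de>",
    "Subject: Bewerbung als Buchhalterin",
    "Content-Type: text/plain; charset=utf-8",
    "",
    "Meine Unterlagen finden Sie hier: https://www.dropbox.com/s/abc123/Bewerbung.zip?dl=1",
])
CLEAN = "From: Lieferant <info@example.org>\r\nSubject: Rechnung\r\n\r\nAnbei die Rechnung."

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("clean", CLEAN)):
        print(name, screen_message(raw) or "no indicators")
```

A hit on either indicator alone is only a reason to quarantine for review; the sender-domain list in particular will age quickly, since the report notes the campaign did not use that domain exclusively.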
The extortion message, written in German, demands a payment of 2.45 bitcoin (approx. £610) to decrypt the files. If the company fails to pay, the criminals promise to leak personal data including Word, Excel and PDF documents, photos and videos, as well as any stored corporate information.
German anti-botnet experts Botfrei first discovered the new Chimera malware and noted that there is currently no proof that the attackers have actually stolen any data from the breached systems or published it online. It is therefore thought that the message could be an empty threat – ‘scareware’ designed simply to incite panic and prompt payment.
The company added that publishing stolen content online is an impractical step for ransomware criminals, as it increases their internet footprint and makes it easier for cybercrime police to trace their activities.
The security researchers advise that if a system is under threat from the Chimera attack, targets should ignore the demand for payment and call on an experienced system administrator to remove the virus. Botfrei warns that all data should be kept up to date and that anti-virus measures and security patches should be renewed regularly. The company also urges that suspicious emails be treated with caution and that their links and attachments never be opened.