A new piece of crypto-ransomware is targeting German companies: it’s called Chimera, and the criminals behind the scheme are threatening to release sensitive corporate data on the Internet if the targets don’t pay the ransom.
The threat is delivered via fake emails from different addresses, apparently from individuals who want to either get a job with the target company or offer a job to an employee of the company.
Whatever the variant of the email is, it contains a link pointing to a Dropbox address, where additional information is ostensibly stored, waiting to be perused by the targets.
Unfortunately for those who fall for the trick, the downloaded file is actually the ransomware. Once installed, it proceeds to encrypt local data and that on other network drives, to lock the computer and show the following ransom note:
The criminals are asking for 2.45 Bitcoin (around €630/$694) to decrypt the files, and if the victim doesn’t pay up, they promise to publish his or her personal documents, photos and videos, along with their name, on the Internet.
According to Botfrei researchers, who first warned (original in German) about the malware, there is no indication or evidence that the criminals have actually stolen files from infected systems before encrypting them, or that they have published any of them online.
In fact, it’s very likely that this is an empty threat, made simply to spur users to pay the ransom. As Bob Covello rightly notes, exfiltrating that many documents from victims would mean the attacker have to have huge amounts of storage space, and the trail to the storage location would be easy for the authorities to trace.
“Another problem with the edentulous threat posed by this ransomware is that the implication of a threatened personal information disclosure would assume that someone is combing through the files for that personal information,” he pointed out.
“This is a level of involvement that most ransomware criminals do not want to broach. Ransomware is designed for a quick payday for the criminals with little interaction with the victim.”
Nevertheless, people who haven’t backed up their important files will be tempted to pay the requested amount. Hopefully there aren’t many of them.