Chimera

NJCCIC Threat Profile

Original Release Date: 2016-08-02

Chimera targets the Windows OS and spreads via spear-phishing emails containing a link to a URL or a Dropbox file that hosts malicious downloads. Chimera then encrypts all files on the target system as well as data stored on mapped network drives, changing the file extensions to .crypt. Once that process is complete, Chimera displays a ransom note that threatens to release victims’ private data online if they do not pay. If payment is made, Chimera transfers the decryption key from the C2 server to the infected system using Bitmessage, a peer-to-peer (P2P) messaging application. The ransomware also offers victims the ability to become part of its “affiliate program” by helping infect other systems. Despite the threats made in Chimera’s note, researchers determined that this ransomware does not have the capability of publishing victims’ files.

UPDATE 7/28/2016: A rival ransomware developer obtained and released approximately 3,500 decryption keys for Chimera, which allowed security researchers to create a decryption tool.

  • Malwarebytes provides more information about Chimera, found here.
  • NoMoreRansom.org provides a free decryption tool for Chimera here and instructions are located here.
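
The profile above notes that Chimera changes file extensions to .crypt on the local system and on mapped network drives. The following added example (not NJCCIC or vendor code) shows one way to flag that behavior in file-rename telemetry; the `time|pid|old path|new path` event format, the sample events, and the threshold and window values are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed rename events (not real telemetry): time|pid|old path|new path
SAMPLE_EVENTS = r"""
2016-08-02T10:00:01|4120|C:\Users\a\Documents\budget.xlsx|C:\Users\a\Documents\budget.crypt
2016-08-02T10:00:02|4120|C:\Users\a\Documents\notes.txt|C:\Users\a\Documents\notes.crypt
2016-08-02T10:00:02|988|C:\Temp\build.tmp|C:\Temp\build.log
2016-08-02T10:00:03|4120|Z:\shared\plan.docx|Z:\shared\plan.crypt
2016-08-02T10:00:04|4120|Z:\shared\q3.pptx|Z:\shared\q3.crypt
2016-08-02T10:05:00|2200|C:\Users\b\old.crypt|C:\Users\b\old.crypt.bak
2016-08-02T10:09:00|2200|C:\Users\b\a.txt|C:\Users\b\a.crypt
"""

def parse(line):
    """Split one hypothetical event line into (time, pid, old path, new path)."""
    ts, pid, old, new = line.split("|")
    return datetime.fromisoformat(ts), int(pid), old, new

def detect_crypt_bursts(text, threshold=4, window_seconds=60):
    """Return {pid: sorted drive letters} for every process that renames at
    least `threshold` files to a .crypt extension within the time window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # pid -> (time, drive) of recent .crypt renames
    alerts = {}
    events = sorted(parse(l) for l in text.splitlines() if l.strip())
    for ts, pid, old, new in events:
        # Count only files that gain the extension, not files already named .crypt.
        if not new.lower().endswith(".crypt") or old.lower().endswith(".crypt"):
            continue
        q = recent[pid]
        # Assumes drive-letter paths; a mapped drive shows up as a non-system letter.
        q.append((ts, new[:2].upper()))
        while ts - q[0][0] > window:   # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(pid, set()).update(drive for _, drive in q)
    return {pid: sorted(drives) for pid, drives in alerts.items()}

if __name__ == "__main__":
    for pid, drives in detect_crypt_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid}: burst of .crypt renames on drives {drives}")
```

A rename burst means encryption is already under way, so an alert like this is a trigger for isolating the host and disconnecting mapped drives rather than a preventive control.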

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov
