CHIP
NJCCIC Threat Profile
Original Release Date: 2016-12-21
CHIP targets Windows OS and is distributed via the RIG-E exploit kit on compromised websites. Once a system is infected, CHIP downloads a unique RSA-512 encryption key from its C2 servers. This key is used to encrypt the AES encryption key that CHIP uses to encrypt the victim’s files. It appends .chip to the end of encrypted file names and drops a ransom note named CHIP\FILES.txt_ on the system. Because of the methods of encryption used, security researchers do not believe that a few decryption tool could be made for this variant. The ransom demand is currently unknown.
UPDATE 12/10/2016: A new version appends .dale to encrypted files and drops a ransom note named DALE\FILES.txt_.
Featured Content
- Sextortion & Romance Scams Continue with New Tactics>
- Increase in Reports of Gift Card Scams>
- Phishing-as-a-Service Operation Identified>
- Vaccination Lures in Recent Phishing Campaigns>
- Cryptocurrency Scams Increase>
- FortiGate SSL-VPN Credentials Leaked by Threat Actors>
- Microsoft Patches Several Actively Exploited Flaws>
- Updates Available for Actively Exploited Flaws in Apple Devices>
- Back-to-School Cybersecurity>
- Test Your Cybersecurity Knowledge - Take Our Cyber Quiz Today>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.