Chimera ransomware keys leaked by rival malware developers

The operators behind the Petya and Mischa double-pack of ransomware trouble have been busy entrepreneurs this week, delivering a one-two punch to the competition.

One of those punches was to offer the two variants via Ransomware-as-a-Service (RaaS) so that any wannabe crook can become an official distributor.

The second punch: purportedly skewering a rival gang by releasing about 3,500 RSA private keys allegedly corresponding to systems infected with the ransomware Chimera.

On Tuesday, the operators posted those keys onto Pastebin, saying that this should enable someone to create decryptors for this older ransomware.

Here’s what the Mischa developers had to say:

Earlier this year we got access to big parts of their deveolpment [sic] system, and included parts of Chimera in our project.

Additionally we now release about 3500 decryption keys from Chimera.

It will take some time to determine if the leaked RSA keys will actually work to decrypt files locked up by Chimera and for someone to write a decryptor program, but for now, there’s at least hope that victims can get their data back. So don’t delete those encrypted files yet!

Unfortunately, it’s not time to relax: not by a long shot. Given the new affiliate system, which gives participants a chance to distribute the malware for a chunk of the profits, the RaaS variants are poised to be spread far and wide.

Lawrence Abrams, the founder of tech support forum

Unfortunately, this will most likely lead to a greater amount of distribution campaigns for this ransomware.

What to do?

We regularly offer advice on preventing (and recovering from) attacks by ransomware and other nasties.

Here are some links we think you’ll find useful:
