Chimera Ransomware focuses on business computers

It’s been a couple of weeks since a new ransomware showed up, spreading through false job applications or business offers. This new ransomware, with the mythical Greek name “Chimera”, tries to infect computers in a business environment and to gain access to hard drives and sensitive corporate information.

Several variants of sender addresses are used to target specific employees within a company, and they have one thing in common: within the email, a link points to a source at Dropbox, claiming that additional information has been stored there. The users are asked to download these files from there.

The download of the trojan starts automatically after the user clicks on the link. At the same time, the trojan immediately starts encrypting data, and not only on the local drive: it also encrypts connected network drives, changing all files to the extension .crypt.
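To scope which folders and mounted shares have been hit before any restore is attempted, the following added example (not part of the original article) counts files ending in .crypt per directory and reports the earliest modification time as a rough indicator of when encryption began. The function names and the sample tree are constructed for illustration.

```python
import os
import sys
import tempfile
from datetime import datetime, timezone

EXTENSION = ".crypt"  # extension the article says encrypted files receive


def scan_for_crypt(root):
    """Return {directory: {"count", "first", "last"}} for files ending in .crypt."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSION):
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or share unreadable; skip it
            e = hits.setdefault(dirpath, {"count": 0, "first": mtime, "last": mtime})
            e["count"] += 1
            e["first"] = min(e["first"], mtime)
            e["last"] = max(e["last"], mtime)
    return hits


def earliest_hit(summary):
    """Earliest modification time across all affected folders, or None if clean."""
    return min((e["first"] for e in summary.values()), default=None)


def build_sample_tree(base):
    """Constructed sample data: one affected share folder, one clean folder."""
    share = os.path.join(base, "share", "finance")
    clean = os.path.join(base, "local", "docs")
    os.makedirs(share)
    os.makedirs(clean)
    for i, name in enumerate(["q1.xlsx.crypt", "q2.xlsx.CRYPT", "notes.txt"]):
        path = os.path.join(share, name)
        open(path, "w").close()
        os.utime(path, (1000 + i, 1000 + i))  # fixed timestamps for the demo
    open(os.path.join(clean, "report.docx"), "w").close()
    return share, clean


if __name__ == "__main__":
    roots = sys.argv[1:] or [build_sample_tree(tempfile.mkdtemp())[0]]
    for root in roots:
        for folder, e in sorted(scan_for_crypt(root).items()):
            first = datetime.fromtimestamp(e["first"], timezone.utc).isoformat()
            print(f"{e['count']:6d} files, earliest {first}  {folder}")
```

Run it with one or more paths (a local folder or a mounted network share) as arguments; with no arguments it scans the constructed sample tree.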

After rebooting the computer and logging on again, a warning message covers the whole desktop and the user can’t take any further action. The black warning message asks you to pay a ransom of almost 630 EUR in Bitcoins to get the data released again. To frighten the user even more, the message threatens to publish personal data and pictures somewhere on the internet if the user doesn’t pay the ransom.

At this point, there is no evidence whether personal data has been published on the internet or not. Likewise, we haven’t heard of a case where the cybercriminals have released the data after the 630 EUR in Bitcoins was paid.

NEVER ever pay the criminals. Not only does it perpetuate these types of scam, but you have no guarantee they will give you back access to your data, and even if they do, they have probably put a backdoor on your system so they can extort further payments from you in future. Either way, it’s blackmail, and they need to be caught and punished, not rewarded with a payment.

If you’re reading this BEFORE you have been hit by this scam, make sure you ALWAYS have backups of your data and DO NOT leave the backup connected to your computer. Nor should you try to restore your backups if you do not know what you’re doing, as you may well end up infecting that data as well, and then you’re really stuck.

Security companies do release ‘decrypters’ to counter these types of threat; however, they are usually slow to come out. It’s no easy task to decrypt data that has been targeted in this way, so prepare for a wait… unless you have that backup, of course.

For free advice on any security-related issue, please contact us using the link in the menu and we’ll be happy to help if we can.

(NOTE: There are now fixes for ransomware available from antivirus vendors, but be sure to ONLY use products from a recognised and reputable company.)