Cybersecurity firm Sophos reported the authors of Mischa ransomware program gained access to the development platform of a rival program called Chimera this week, and posted thousands of Chimera decryption keys online. The reasons for why Mischa gathered such codes are unclear, except for maybe the fact that Chimera and Mischa are big time rivals. Regardless the forecast looks promising for antivirus companies and users alike. About 3500 decryption keys went live on Pastebin.
Chimera not only encrypts user data, but also threatens to publish the data in plain text if payment is not met in full and in a timely fashion. So far, there is no evidence that Chimera enforcers have followed through with this threat. The threat alone seems enough to motivate victims to pay whatever ransom Chimera chooses. Clever tactic to put victims between a rock and a hard place and guarantee payment.
“it should not be difficult for antivirus companies to build a decrypter” – Mischa
Mischa says they received access to Chimera’s development system earlier this year even though Mischa developers explain they are not involved with Chimera.
Sophos cautions users that things of this nature take time, stating, “it will take some time to determine if the leaked RSA keys will actually work to decrypt files locked up by Chimera and for someone to write a decryptor program, but for now, there’s at least hope that victims can get their data back.”
For any of those following the rise of malware and ransomware tactics, this is a huge break. If you are a victim of Chimera, keeping your encrypted files just a bit longer could mean getting your data back if the encryption keys turn out to be legit.
If you would like to educate yourself in more detail about the information in this blog post please visit : www.pcmag.com
