Competition in the ransomware market is the same as in any other market, and new ransomware samples emerge almost every day. The creators of Petya reported via Twitter that they got rid of one of their competitors by themselves. The hackers say that they hacked the “colleagues” who created the Chimera ransomware and made the keys for data decryption publicly available.
— JANUS (@JanusSecretary) July 26, 2016
Someone using the pseudonym Janus distributed on Twitter (@JanusSecretary) a link to Pastebin, where the keys for Chimera were published along with an official statement from the authors of Petya and Mischa:
“As analysts have noted, Mischa is partly built on the Chimera source. We are not connected with the people who are behind the creation of Chimera. Earlier this year, we had access to a large part of their system design and included part of Chimera in our project.
Now, in addition to this, we are publishing more than 3,500 keys to decrypt the Chimera ransomware. These are private RSA keys, which are shown in HEX format. With this information, antivirus companies will be able to easily develop the software for decryption.”
Information security experts are already analyzing the leak. Experts from Malwarebytes write that the keys were clearly not published by the creators of Chimera, and that they are still verifying the information:
“To be sure that these keys are authentic and to create a tool to decrypt the data will take some time. But if you have suffered from Chimera, please do not delete encrypted files, because there is hope that soon you will be able to restore them.”
Although publishing the keys to someone else’s ransomware is definitely an attempt to harm competitors, we should not lose sight of the fact that a few hours before the “leak” the authors of the Petya and Mischa ransomware presented their own RaaS portal. They now offer their ransomware as a service, available by subscription. Perhaps compromising a competitor served as a kind of advertising campaign, since at the end of the message the hackers invite everyone who wishes to visit their RaaS site on the darknet.
The dump with the keys can be found here (experts from Malwarebytes have also created a mirror). So, if you were a victim of Chimera, do not give up, do not pay the ransom, and do not delete your files. There is hope that decryption software will be available soon. Meanwhile, take precautions and protect yourself from other threats that emerge every day by following our articles.