Ransomware has been growing at a very rapid pace nowadays, with variants spreading on the internet like wildfire. To combat this, security researchers have been coming up with methods to decrypt innocent users" files. And just recently, it seems that people are not only benefiting from the good guys, but also from rivalry between cybercrooks.
Just recently, creators of the Petya and Mischa ransomware leaked about 3,500 RSA decryption keys for the ransomware Chimera. One of the authors of Mischa, which goes by Twitter handle name @JanusSecretary not long ago made a public announcement stating that such keys were about to be leaked.
Moreover, in a Pastebin post, he stated that they have gained access to Chimera"s development system, which enabled them to integrate some of its source code onto their own ransomware program, Mischa. Malwarebytes researchers were able to confirm @JanusSecretary"s claim, and they imply that the keys provided might be legitimate, and could help Chimera victims into decrypting their PC. They state:
"Checking if the keys are authentic and writing a decryptor will take some time – but if you are a victim of Chimera, please don’t delete your encrypted files, because there is a hope that soon you can get your data back."
Chimera is one of the many ransomware programs out there, which after encrypting your files, offers the victim a couple of options: they could either pay $2.4 BTC (equal to $1,576 today), or risk getting their files leaked onto the internet. Furthermore, it has something that common ransomware doesn"t have: victims could actually take advantage of Chimera"s "affiliate program", and then spread the malware even further.
The Mischa ransomware appeared about two months ago, as an improvement to the Petya ransomware. Petya requires administrative privileges in order to do its work in encrypting files. However, if this is not granted, the latter will kick in.
You can read our editorial regarding ransomware to know how the malware works, and how you can stay protected in the midst of its meteoric yet alarming rise.
Source: PC World, Malwarebytes Labs | Blue padlock image via Shutterstock