

Name Chimera
Type Crypto-ransomware
Short Description This is one of the nastier ransomware families in the wild. Unlike other ransomware, it does not simply encrypt files and demand a ransom from the victim: it threatens the victim, stating that if the ransom is not paid, the victim's files will be published along with the credentials stolen from the victim.
Symptoms Files become inaccessible, and the victim's display appears as shown below.
Distribution Method Spam emails

 Chimera 1

Chimera 2

More Details Once this ransomware infiltrates the victim's device, it drops a payload on the device so that it remains persistent even when the device is rebooted after the infection. The minimum ransom it has demanded to date is approximately $685.

Once the payload is dropped, the ransomware scans the victim's device for some specific files. When the scan is complete, it encrypts the files using its own specific algorithm. The extension of each infected file is changed to .Crypt, and the files become inaccessible.

Once the files are encrypted, the ransomware drops an HTML script tag on the device; when the victim clicks on it, it opens in Internet Explorer. It contains the instructions for paying the ransom. If the victim shows no interest in paying the ransom, the ransomware goes one step further: unlike other ransomware, it threatens that the encrypted files will be published online along with the credentials stolen from the victim. This unexpected move takes the victim aback and leaves the victim with no option other than to pay the ransom.

The victim will not be able to retrieve the encrypted files, because the ransomware also deletes the shadow copies present on the victim's device.
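
A defender-side sketch of the behaviour described above, added here as an example and not taken from the original page: it flags a process that renames many files to the .Crypt extension within a short window and records any HTML file that the same process creates afterwards. The event tuple format, the 60-second window, the threshold of 5 and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

# Constructed sample events, not real telemetry: (epoch_seconds, pid, action, path)
SAMPLE_EVENTS = (
    [(100 + i, 4321, "rename", rf"C:\Users\a\Documents\file{i}.docx.Crypt") for i in range(6)]
    + [(110, 4321, "create", r"C:\Users\a\Desktop\constructed_note.html")]
    # One rename plus an HTML file: stays below the threshold
    + [(50, 777, "rename", r"C:\Temp\archive.crypt"), (55, 777, "create", r"C:\Temp\page.html")]
    # Five renames spread over 800 seconds: never five inside one 60-second window
    + [(200 * i, 900, "rename", rf"D:\old\part{i}.Crypt") for i in range(5)]
)


def find_crypt_bursts(events, window=60, threshold=5):
    """Return {pid: finding} for processes that rename at least `threshold`
    files to .crypt (case-insensitive) within `window` seconds."""
    recent = defaultdict(deque)  # pid -> timestamps of .crypt renames still in the window
    notes = {}                   # pid -> first HTML file created after its first .crypt rename
    findings = {}
    for ts, pid, action, path in sorted(events):
        ext = PureWindowsPath(path).suffix.lower()
        if action == "rename" and ext == ".crypt":
            q = recent[pid]
            q.append(ts)
            while ts - q[0] > window:  # drop renames that fell out of the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(pid, {"first_alert": ts, "peak": 0})
                f["peak"] = max(f["peak"], len(q))
        elif action == "create" and ext in (".html", ".htm") and pid in recent:
            notes.setdefault(pid, path)
    for pid, f in findings.items():
        f["html_note"] = notes.get(pid)  # None if no HTML file followed the renames
    return findings


if __name__ == "__main__":
    for pid, f in find_crypt_bursts(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {f['peak']} .crypt renames in window, "
              f"alert at t={f['first_alert']}, HTML note: {f['html_note']}")
```

An alert from this check is a prompt to isolate the host and verify that offline backups exist, since the page notes that shadow copies on the device are deleted.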