Rivalry between crooks benefits innocent users, for once

Jul 26, 2016 21:20 GMT

The author of the Petya and Mischa ransomware families has leaked the decryption keys of a rival ransomware variant called Chimera.

The keys are available online, and security researchers from Malwarebytes have started working on a decrypter that will let users infected with Chimera automate the decryption process.

Chimera is a ransomware variant that appeared at the beginning of November 2015, and with time, it evolved to offer an affiliate program for crooks who wanted to earn money by distributing the malware to new victims.

Rival crook hacks Chimera servers

Twitter user Janus, the operator of a RaaS (Ransomware-as-a-Service) portal on the Dark Web, published the Chimera keys a few hours ago, along with a statement explaining his actions that you can read in full below.

Janus claims that he managed to gain access to the infrastructure behind Chimera at the start of 2016, from which he stole parts of the ransomware's source code, which he also used for his Mischa ransomware.

Once access to his rival's server had served its purpose, Janus pillaged all the Chimera decryption keys he could find and uploaded them online in an effort to ruin his competition's "business."

The keys he leaked are the private decryption keys that victims receive when they pay the Chimera ransom. With these keys out in the open, users have no reason to pay the ransom.

Janus may have leaked all these files just to draw attention to his Petya & Mischa RaaS, which was officially released a few hours before.

Like the analysts already detected, Mischa uses parts of the Chimera source. We are NOT connected to the people behind Chimera.
Earlier this year we got access to big parts of their development system, and included parts of Chimera in our project.
Additionally we now release about 3500 decryption keys from Chimera. They are RSA private keys and shown below in HEX format.
It should not be difficult for antivirus companies to build a decrypter with this information.
Please also check our RaaS system, which now has its registration opened: [REDACTED]
LINK: https://www.sendspace.com/file/0fk7wj
Petya/Mischa dev leaking Chimera decryption keys on Twitter