Ransomware is a type of malware that cryptographically locks the victim's hard drive until the victim pays a ransom. It is an extremely popular method among cybercriminals. The tactic is so successful that some ransomware makers have started sabotaging others' ransomware in an attempt to stave off competition.
At the beginning of this week, 3,500 keys were leaked to the internet for a piece of ransomware known as “Chimera”, which supposedly allow Chimera victims to safely decrypt their files without having to pay a ransom in bitcoins. The decryption keys were apparently published by the makers of a rival ransomware package called “Petya & Mischa”, who claimed that they had breached the Chimera development system and seized the keys and pieces of the code.
Chimera is a particularly nasty type of ransomware that not only locks the victim's hard drive, but also threatens to leak their confidential files online if the ransom is not paid. It is not yet clear whether the leaked keys will work and actually decrypt the locked machines affected by the malware; however, the security company Malwarebytes, which first noticed the leak, states that it will take some time to review them.
In any case, the developers of Petya & Mischa seem to have shared these keys to "promote" their own ransomware, which is based on the stolen Chimera code and is now offered as a service on Tor to cybercriminals who want to earn some bitcoins from it.
It looks like an undeclared war has started among criminals. Earlier, ransomware developers said they were outraged by a recent fake ransomware, which displays scary messages but doesn't actually unlock the victim's hard drive when they pay a ransom. The criminals' rationale is that fake ransomware could trick people into believing they can't get their files back if they're hit by real ransomware, putting future earnings at risk.