Private keys of the Chimera ransomware have been leaked by a rival cybercriminal.
Rather than "white hat" activity, the good deed appears to have be done by a criminal going by the handle of Janus - known for being the author of Petya - who tweeted their competitor's (Chimera) keys in an apparent bid to stifle ransomware competition. In the linked message, Janus admits using parts of the Chimera sourcecode in their Mischa ransomware.
Security researchers from anti-malware firm Botfrei spotted Chimera targeting German SMBs last November. The threat was never particularly prevalent.
As well as encrypting files, Chimera threatens that - in cases where the ransom is not be paid - stolen files will be published, along with pilfered credentials, enabling identification of private and potentially embarrassing data. However there’s no evidence that personal data has actually been published on the internet. It may be that the empty threat was made solely with the intention of scaring victims into paying even in cases where they had backed up compromised data or weren’t disposed by cave in to extortion for some other reason.
Security firm Malwarebytes - which spotted the leak Chimera’s private encryption keys - advises victims to hang tough.
“Checking if the keys are authentic and writing a decryptor will take some time – but if you are a victim of Chimera, please don’t delete your encrypted files, because there is a hope that soon you can get your data back,” it advises. ®