Cyber Criminals Out Rival Gang's Ransomware Keys
Posted by: Timothy Weaver on 07/29/2016 09:41 AM
The cyber criminals behind the Petya and Mischa ransomware programs have hacked into a rival gang's servers and leaked 3,500 RSA private keys allegedly corresponding to systems infected with Chimera ransomware.

According to a post on Pastebin, they also obtained the source code for Chimera, which they incorporated into their own ransomware.
Malwarebytes confirmed the post and said that they have found Chimera code integrated in Mischa.
So far there is no confirmation about the authenticity of the RSA keys, but researchers believe they are legit.
Malwarebytes researchers said Tuesday: "Checking if the keys are authentic and writing a decrypter will take some time – but if you are a victim of Chimera, please don’t delete your encrypted files, because there is a hope that soon you can get your data back."
Chimera differed from other ransomware in that it threatened to release victims' files on the internet unless the victim paid up. There has been no evidence that the crypto criminals ever followed through on the threat; it is thought to have been merely a leverage point to make victims pay.
As of Tuesday, the creators of Petya and Mischa have launched an affiliate system whereby hackers can purchase the ransomware as a service. This means other criminals can begin distributing the ransomware.
Lawrence Abrams, the founder of tech support forum BleepingComputer.com, said: "Unfortunately, this will most likely lead to a greater amount of distribution campaigns for this ransomware."
Source: Computer World
