A new variant of the Chimera ransomware Trojan has been spotted “in the wild” by the anti-botnet advisory centre, Botfrei.
The Cologne, Germany-based organisation found the “blackmail Trojan” targeting specific employees in German companies, propagated via phishing emails promising new jobs.
The emails contain a link to a document supposedly stored on Dropbox, but which instead loads the Trojan onto the target’s PC.
“If the link is clicked, an encryption Trojan is actually loaded onto the computer that instantly begins to encrypt local data, as well as data on network drives (with the file extension .crypt),” warns Botfrei.
It continues: “After rebooting and logging in to the computer, [the user finds] that it is also locked and an extortion message fills the desktop. About €630 – 2.45 bitcoins – are required to release the data by the criminals. Should the requirement not be complied with, the user is threatened with the publication of the photos and personal information on the internet.”
Botfrei added that there is no evidence of personal data having been published online as a result of the ransomware demand not being met – yet.
Security analyst Bob Covello, writing on the website of security services company Tripwire, described it as a “scary development” but added: “I am willing to make a bold prediction that it is a scare tactic with no teeth.”
He continued: “Take a moment to examine the amount of data stored on your computer. If you are like most folks, you are probably storing gigabytes of data. Documents are small, but all of those photos, videos, music files and all of the other targets of modern ransomware add up to an enormous amount of data.
“One particular strain of ransomware is known to have successfully targeted more than half-a-million machines… If the data of those half-a-million machines was exfiltrated to an external entity, not only would the storage amount to a massive collection, but the trail to the storage location would be easy for the authorities to trace.”
Furthermore, combing through someone’s files, whether remotely or uploaded to somewhere on the internet, in a bid to find some embarrassing photos will likely be too much work for the average cyber crook. “Ransomware is designed for a quick payday for the criminals with little interaction with the victim,” added Covello.
“Most people who pay the ransom do so only because they are in the unfortunate position of not having a good backup. Not only is there no added incentive through the threat of information disclosure but the storage of such vast amounts of victim data would beat a neat path to the criminal’s door,” he concluded.