
Attention! Crypto-blackmailers

17.12.2015




Blackmail by ransomware, which encrypts users’ data and then demands money to decrypt it, is becoming more and more intricate.
Fraudsters, of course, keep inventing new tricks to boost their revenue.
 
Today we are going to talk about “Chimera”. It is a newcomer on the ransomware market, and it works only with high-profile clients.
 
As a rule, large businesses take care of their data, especially because that data quite often contains information valuable to tax and law-enforcement authorities. In other words, Chimera is the Robin Hood of the 21st century: a rogue among rogues, a racketeer. A prominent businessman is ready to pay an amount that is not large by his standards just to get rid of the headache and get his documents back.
And the amount the ransomware demands for decrypting the data is very modest: converted from Bitcoin, it is only USD 638. Not that much for a large company?!
 
If a greedy businessman considers the offer impudent and sassy, the program threatens him that in case of defiance (and refusal to pay) all his files will be published online!
 
The worst thing is that this is no joke. Chimera is not a script written by a student between lessons; it is very serious software.
 
The crypto-blackmailer encrypts all data on all drives, including network drives. All documents’ extensions are changed to .crypt. To make the pressure on a victim more impressive, the program can affect one or several end users to demonstrate its abilities.





Let’s look at another specimen of crypto-blackmailer: CryptoWall. It is also a rather new program. It replaces the names of all files with randomly generated symbols, letters and digits. The software encrypts data using a special 2,048-bit RSA file-encryption key. If it is set up correctly, it is impossible to break the key.
Simple blackmail is not very interesting, so the developers of the ransomware decided to add emotional distress for the victim, in the form of a greeting on joining the list of losers affected by CryptoWall.
 
The content of the message is roughly as follows:
“Greetings … we have encoded your files; to decode them you have to become an authorized user and receive a special key for decoding (decryption). Moreover, you also need software capable of decoding your files with the key. Do not make any arrangements on your own, otherwise you risk losing your documents forever.”
 
The above-cited text is not the original, but the meaning is clear. You have to pay!
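
The two rename behaviours described above (Chimera changing extensions to .crypt, CryptoWall replacing file names with random characters) can be turned into a simple detection rule. The following Python code is an added example, not part of the original article; the event format, paths, thresholds and the random-name heuristic are assumptions, and the sample events are constructed.

```python
import ntpath
from collections import defaultdict

WINDOW_SECONDS = 10  # assumed burst window
THRESHOLD = 3        # assumed minimum hits per window (kept tiny for the sample)

# Constructed sample rename events: (unix time, pid, old path, new path).
EVENTS = [
    (100, 4120, r"C:\docs\q3_report.xlsx", r"C:\docs\q3_report.crypt"),
    (101, 4120, r"C:\docs\payroll.docx", r"C:\docs\payroll.crypt"),
    (102, 4120, r"\\fs01\share\contracts.pdf", r"\\fs01\share\contracts.crypt"),
    (103, 5300, r"C:\pics\holiday.jpg", r"C:\pics\k3x9q0zt7b"),
    (104, 5300, r"C:\pics\cat.png", r"C:\pics\9fj2lq8wz1"),
    (105, 5300, r"C:\pics\notes.txt", r"C:\pics\p0o4m7e2xa"),
    (106, 6000, r"C:\tmp\draft.txt", r"C:\tmp\final.txt"),  # ordinary rename
    (500, 6000, r"C:\tmp\a.log", r"C:\tmp\a.crypt"),        # single hit, no burst
]

def classify(old, new):
    """Return 'crypt-extension', 'scrambled-name' or None for one rename."""
    old_stem, old_ext = ntpath.splitext(ntpath.basename(old))
    new_stem, new_ext = ntpath.splitext(ntpath.basename(new))
    if new_ext.lower() == ".crypt" and old_ext.lower() != ".crypt":
        return "crypt-extension"
    # Assumed heuristic for a random-looking name: long, alphanumeric only,
    # mixes letters and digits, and no longer contains the old name.
    looks_random = (len(new_stem) >= 8 and new_stem.isalnum()
                    and any(c.isdigit() for c in new_stem)
                    and any(c.isalpha() for c in new_stem))
    if looks_random and old_stem.lower() not in new_stem.lower():
        return "scrambled-name"
    return None

def find_bursts(events):
    """Map pid -> pattern for processes with THRESHOLD hits in WINDOW_SECONDS."""
    hits = defaultdict(list)
    for ts, pid, old, new in sorted(events):
        kind = classify(old, new)
        if kind:
            hits[(pid, kind)].append(ts)
    flagged = {}
    for (pid, kind), times in hits.items():
        for i in range(len(times) - THRESHOLD + 1):
            if times[i + THRESHOLD - 1] - times[i] <= WINDOW_SECONDS:
                flagged[pid] = kind
                break
    return flagged

if __name__ == "__main__":
    for pid, kind in find_bursts(EVENTS).items():
        print(f"pid {pid}: burst of {kind} renames")
```

A single matching rename is not flagged; only a process that produces several within the window is, which keeps ordinary user renames out of the alerts.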
 
Such software is quite modern and gets past the checks of antivirus programs and of the browser bots responsible for recognizing such scum. Thus it is almost impossible to insure against it. Well, unless you never download anything from the Internet. Like ordinary software, ransomware is updated and keeps pace with the times; that is clear if we look at the income from these programs. According to some research, the figure is over USD 300,000,000. Well, with such income it is possible to release updates every minute.

This kind of racket is flourishing and putting down roots. Who would want to shut down such a profitable, albeit illegal, business? Even the FBI has not managed to trace the sources of the ransomware; the FBI recommended giving up and paying the required amounts to the fraudsters.
Note that there is no guarantee the files will be returned; that would be ridiculous. A program failure is also possible even if a decryption key is provided, in which case restoring the files would be impossible, as would recovering the amount paid.
 
Of course, if your files are worth hundreds of thousands of dollars, 700$ will seem like nothing and the problem will be solved quickly; however, you should realize that meeting the blackmailers’ demands is not a 100% solution. As always, the final word belongs to the user.