Malware that first appeared in September is now building a ransomware-as-a-service business.
In a weird twist on Stockholm Syndrome, the Chimera ransomware is taking victims hostage, then recruiting them to be part of the criminal team, according to researchers at Trend Micro's TrendLabs.
Compared to other ransom messages, Chimera's is refreshingly brief, straightforward, and polite: it says "please" twice. What's particularly noteworthy, though, is the addition at the bottom:
"Take advantage of our affiliate program! More information in the source code of this file."
The disassembled code does actually contain contact info -- a Bitmessage address through which both parties can have their identities masked and their communication encrypted. From the report:
Peddling ransomware as a service (or RaaS) has some advantages. RaaS lessens the possibility of the illegal activity being traced back to the creators. Selling ransomware as a service allows creators to enjoy some profit without the increased risk of detection. For Chimera, the commission is 50%, a large payoff for lesser effort.
The drawback of the model is that the code itself is less sophisticated -- with a weak command-and-control infrastructure and no obfuscation techniques.
Chimera first appeared on the scene in September, demonstrating another unique tactic -- threatening to publish a victim's files online if payment is not received. The threats, however, might be empty. According to TrendLabs, "our analysis reveals the malware has no capability of siphoning the victim's files to a command-and-control (C&C) server."
It's not uncommon for ransomware to make empty threats. As Engin Kirda, chief architect at LastLine, has told Dark Reading before, some ransomware claims to encrypt files when it can't. Yet, as Michael Sentonas, vice president and chief technology officer of Security Connected for Intel Security, wrote on Dark Reading, "It is not clear if Chimera actually exports your files and can carry out the threat, but if it cannot, the next one will."