Ransomware is big business, especially for those who build it to sell to third parties. Naturally, there is some level of competition between the many malware vendors; some of which who are willing to take extreme measures to cripple the competition. The cybercriminals behind the ‘Mischa’ ransomware are claiming to have released the encryption keys from their rivals behind the ‘Chimera’ ransomware.
The Mischa group uploaded a post on Pastebin, informing the world of its work; and possibly looking to shame Chimera. “Like the analysts already detected, Mischa uses parts of the Chimera source. We are NOT connected to the people behind Chimera. Earlier this year we got access to big parts of their deveolpment (sic) system, and included parts of Chimera in our project.
Additionally we now release about 3500 decryption keys from Chimera. They are RSA private keys and shown below in HEX format. It should not be difficult for antivirus companies to build a decrypter with this informations.”
Identified in December of last year, Chimera does more than simply encrypt data. The ransomware also threatens to post victims’ stolen data online in plaintext if the ransom is not paid. That being said, there is no confirmation that the malware has actually done this.
It will take researchers a little longer before they are able to verify the authencity of the decryption keys, and Chimera victims are advised to be patient. For others, the release of this information is the death knell for Chimera.
That being said, the fact that there are cybercriminals willing to take each other down is a sign of just how lucrative malware-as-a-service is. There’s a lot of money to be made selling this sort of thing, and it is probably that this act of war between two groups is only the tip of the iceberg.
[Source: Ars Technica]