We’ve seen ransomware stories popping up left and right this year, detailing how hackers are making money from a scary, yet creative, type of malware. Just as the name of this attack suggests, ransomware encrypts personal files on a computer, demanding a ransom in order to release them back to users. Victims have to pay up a fee and hope that the hackers decrypt their data instead of simply taking the money and running. Sure, you can always refuse to pay the ransom, and you can try to use one of the publicly available tools that can decrypt your files (Microsoft has one too), but hackers have now devised a new method to convince you to pay up: They’ll expose your files online if you don’t.
According to ComputerWorld, there’s a new ransomware program called Chimera, documented by the Anti-Botnet Advisory Centre, whose creators will threaten victims in such a manner.
The attackers apparently target businesses, tricking certain employees with fake job applications or business offers. The emails contain links to malicious files hosted on Dropbox that will infect the user’s computer. Once that happens, Chimera encrypts local data and on reboot, it’ll ask the user to pay around €630 or $685 in Bitcoin to obtain the decryption key.
In the ransom note, Chimera hackers say that if they’re not paid they’ll publish the user’s files on the Internet. So far, there’s no evidence that any personal data was actually released online, however – but perhaps those affected have simply paid the ransom. Also, it’s not clear whether the malware steals any data from the infected computer before or after encrypting it.
ComputerWorld says that hackers typically don’t upload personal data to a command-and-control server, because said data would require a lot of storage space even if hackers only restrict the theft to certain file types (like pictures). But that doesn’t make this sort of attack any less dangerous.