Chimera cryptographic competitors "leaked" his encryption keys to the network

The usual malware that disrupts the system and trojans stealing personal data has replaced the first type of cybercrime in the past few years: extortion through encryption of personal data.

This topic has not once been understood on various resources, including news. We saw a lot of things: cryptowalkers, attacking individuals, cryptogenerators, attacking state and commercial institutions, Malware, using pop-up windows, manipulating ordinary users and playing on their legal and technical illiteracy. There was even software tritely deleting files, when, as a victim, it was reported that they were encrypted.
')
Until recently, extortion programs peacefully coexisted with each other. But, apparently, there was a shortage of victims at all, as network users became more aware of new types of threats, and anti-virus companies did not stand still. And, as a result, keys appeared in the network for deciphering data affected by the Chimera cryptographer and, apparently, “leakage” is the work of competitors.

According to available information, the source of the "plum" is the author of another cryptographer - Mischa. According to a post posted on pastebin , the author Mischa has laid out in free access more than 3,500 decoding keys from Chimera.

Previously, information security researchers from the malwarebytes team noticed that there is a similarity between the Mischa code and Chimera. The creator of Mischa does not deny this: “earlier in this goal we got access to the dev-part of Chimera and used some solutions in our development”.

Besides the fact that the 3500 keys from Chimera in public access will cause great financial damage to the owners of the cryptographer, it also casts doubt on the continued existence of Chimera as such. This was also explicitly mentioned by the developer of Mischa himself, who provided the data: “I don’t think that it would be a problem for antivirus companies to create a decryptor using this information.”

Why choose Chimera? In addition to having some inside information from the developers of Mischa, Chimera was also successful. Instead of simply following the mainstream and threatening the user with the complete loss of his data, the creators of the compromised cryptographer went further: they threatened to put the victim's personal information in an unencrypted form. And if many people could accept the loss of photos, videos and letters, then the publication of private information for many became a serious incentive to pay criminals. True, there were no precedents with similar publications, so it is not known whether all the victims of Chimera paid, or the owners of the cryptographer were trivially bluffing.

According to the malwarebytes team, it will take some time to check if the published keys are working, but they recommend waiting for Chimera victims. If the “sink” turns out to be reliable, then the published information will help thousands of users around the world recover their information without any financial loss.