Criminals are increasingly using ransomware – Chimera ransomware for example – to extort victims. Ransomware encrypts certain file types with a powerful algorithm that cannot be unlocked without a security key. Unfortunately, the only person to hold that key is the hacker responsible for the ransomware infection.
Organizations and individuals that perform regular data backups can avoid paying the ransom demands and not face losing important files. If files are encrypted, they can be recovered from backups – provided of course that regular backups of critical data have been performed. Worst case scenario: Some data may be lost, but not a sufficient amount to warrant a ransom being paid.
Criminals are aware of this failsafe and have recently started to up the stakes. The criminals behind Chimera ransomware have been found to be using a new tactic to scare victims into giving into their demands. Even if a backup file has been made, victims can be easily convinced to pay the ransom. They are told that if the ransom is not paid, the files will be made public. Confidential information will be posted on darknet sites or listed for sale in online marketplaces.
Criminals Target Businesses and Encrypt Critical Files Using Chimera Ransomware
Hackers are known to send ransomware out randomly. The more computers that are infected; the more ransoms can be collected. Chimera ransomware on the other hand is being used more specifically, and small to medium sized businesses are being targeted. This stands to reason. An individual may not be willing, or able, to pay a ransom. Businesses are different. They may have no choice but to pay to have files unlocked. If data are posted online, the potential cost to the business could be far higher than the cost of the ransom.
How are computers infected with Chimera ransomware?
Spam emails are sent to specific individuals within an organization. Those emails contain innocent looking email attachments: the types of files that would commonly be received by the individuals being targeted. Business offers are sent, applications for employment, or invoices.
Attachments may not be opened or could be blocked by spam filters. To get around this issue, hackers often send links to cloud-storage services such as Dropbox. The user clicks the link and downloads the malware thinking it is a genuine file.
Once installed the malware gets to work encrypting files stored on local and mounted network drives. The user is not made aware of the infection until their computer is rebooted. In order to unencrypt files, the end user must pay the ransom. This is typically $500 in the form of Bitcoins.
It is not known whether hackers have acted on their threats to publish company data. Many businesses have been too scared to find out and have given in to the ransom demand.
How to protect your business from Chimera ransomware
There is no such thing as 100% protection from Chimera ransomware, but it is possible to reduce the risk of infection to a minimal level. Installing Anti-Spam solutions can prevent malware from reaching inboxes; however not all products offer protection from phishing links.
SpamTitan software on the other hand employs a powerful spam filter which uses dual AV engines to maximize the probability of malicious emails being caught. It also includes an anti-phishing module to protect against phishing links. If you don’t want to have to pay a ransom to recover your data, installing SpamTitan is the logical choice.