VPN Articles and News

Chimera Ransomware Uses P2P Technology To Steal User Data

By Paul Liu
Wednesday, April 6th, 2016

Security experts have come across a new type of ransomware that uses Peer to Peer technology to steal personal data from users. Dubbed as Chimera, the ransomware was in the news recently when its creators threatened to leak stolen information of the victims who failed to heed to their ransom demands. While there is no evidence that the people behind the ransomware have actually carried out their threats and leaked data online, the technology used to create the malware has set the alarm bells ringing among the security firms.

As per the investigation carried out by the security experts, Chimera relies on an obscure type of P2P messaging system, BitMessage, to relay data to the attackers’ servers. BitMessage makes it easy to send encrypted messages without relying on user-defined keys which makes it an extremely secure messaging system. While the messaging system was designed to help people communicate in a secure manner, it is now being exploited by criminals to carry out nefarious activities. The use of P2P technology by the developers of Chimera makes it extremely difficult, if not impossible, for the security companies to find the origins or the infrastructure being used by the criminals.

The Chimera ransomware was first discovered by Botfrei, the Anti-Botnet Advisory Centre run by the German Association of the Internet Industry. As per the agency, the malware propagated via an innocuous job enquiry email which asks about the positions available within the victims’ companies. The email also contains a link to a Dropbox file which is presented as the location where qualifications and other personal details of the job applicant are stored. As soon as the victim clicks on the link, the malware springs into action and starts encrypting files, photos and other personal data stored on the victim’s computer.

After encrypting user data, the malware waits patiently till the computer is shut down or rebooted. When the computer is rebooted, the victim sees a short message regarding the theft of his personal data and asking for a ransom amount (about 630 Euros). The message also threatens the victim that his personal information would be leaked online should he fail to pay the ransom amount. And for those who are willing to pay the ransom amount, the message even promises to send the decryption keys. Since all the messaging is done through P2P technology and the payment is accepted via bitcoins, it becomes next to impossible for the investigators to locate or catch the perpetrators of the attack.

Botfrei has advised the victims of the Chimera ransomware not to get intimidated or pay the ransom amount. However, the FBI has taken a diametrically opposite stance and has asked the victims to co-operate with the attackers to get their data back. Security firms which have analyzed the code of the malware have deduced that the malware is not actually capable of stealing any personal data. Evidence also suggests that the malware is no longer a threat and is on the verge of shutting down. However, it goes without saying that Chimera has laid a solid foundation for future ransomware attacks which would be extremely difficult to trace or get rid of without facing severe repercussions.