The devs behind the Mischa and Petya ransomware have leaked approximately 3500 RSA decryption keys for the Chimera Ransomware. These keys are in hex format, but can be converted back to their normal format and used within a decryptor by a security company or professional.
Though the Chimera Ransomware is no longer active and nobody has stated that they will be using these keys to create a Chimera Decryptor, I would expect one will be released soon.
Now publishing leaked #chimera #ransomware keys: https://t.co/MRiugNDLlh @hasherezade
— JANUS (@JanusSecretary) July 26, 2016
According to the Petya devs, Mischa uses some of the source code from the Chimera Ransomware but otherwise have no affiliation with this ransomware. According to the devs, at some point they gained access to the Chimera development system and used some of their Chimera code in their own project.
Like the analysts already detected, Mischa uses parts of the Chimera source. We are NOT connected to the people behind Chimera. Earlier this year we got access to big parts of their deveolpment system, and included parts of Chimera in our project.
- @JanusSecretary
While they gained access, it appears they took the Chimera decryption keys along with the code. If a decryptor is released, we will be sure to let everyone know at BC.
Comments
DodoIso - 7 years ago
Wow! Criminals eliminating their competition?
Angoid - 7 years ago
Well, legitimate businesses compete with other legitimate businesses, so why should things be different amongst criminal outfits?
The only real difference is that legit companies follow rules, regulations and laws.
NoMoreRansom - 7 years ago
There is a free Decrypter for the 3500 Chimera keys available on the NoMoreRansom.org Platform. www.nomoreransom.org
Lawrence Abrams - 7 years ago
Thanks for letting us know.