When businesses compete with each other, consumers benefit. Similarly, when hackers compete, it is the victims who benefit and same is the case with Chimera Ransomware whose keys were leaked by competition. The developer of the Petya and Mischa ransomware have leaked around 3500 RSA decryption keys of its competitor Chimera Ransomware.
Chimera Ransomware surfaced at the beginning of November 2015, encrypting user’s private files and in turn demanding ransom for decrypting it. The malware even threatened victims of publishing all the data if the ransom is not paid.
However, in a blow to Chimera, its competitor, who leaked its keys, Petya devs, @JanusSecretary, announced,
Chimera Ransomware keys leaked
For victims of Chimera Ransomware, although the leaked keys are in the hex format, they can be easily converted to normal format and used within a decryptor by security experts or antivirus companies.
As per Petya devs, homegrown Mischa uses some of the source code from the Chimera Ransomware, although they have no affiliation with this ransomware. Janus, claims to have gained access to the infrastructure behind Chimera since the start of 2016.
“Like the analysts already detected, Mischa uses parts of the Chimera source. We are NOT connected to the people behind Chimera. Earlier this year we got access to big parts of their development system, and included parts of Chimera in our project. Additionally we now release about 3500 decryption keys from Chimera. They are RSA private keys and shown below in HEX format. It should not be difficult for antivirus companies to build a decrypter with this information. Please also check our RaaS system, which now has its registration opened: http://janusqqdo2zx75el.onion/”, said Janus.
The leaking dev, Janus, took the occasion to announce the release of his Petya & Mischa RaaS service, raising enough doubts if the leaks were done to gain attention to the release.
Meanwhile, Post online leak, security researchers from Malwarebytes have started working on a decrypter for affected users.