New Triple Threat Chimera: Ransomware, Extortion And Data Breach

Stu Sjouwerman | Nov 7, 2015

OK, Heads Up! This has not hit U.S. shores yet, but it's just a matter of time. This nasty bit of crimeware is being beta-tested in Germany at the moment, and that is where the reports surfaced a few days ago at the German Anti-Botnet Advisory Centre.

Chimera combines a ransomware infection with extortion, trying to make organizations pay even when they have good backups. This cyber-mafia sends spear-phishing attacks to specific employees with job offers or business proposals that link to a malicious payload hosted on Dropbox.

It starts as a "normal" ransomware infection: it encrypts both local and network files and throws up a ransom note for 2.5 Bitcoin, which at the current Bitcoin rate of 388 dollars is almost a thousand bucks. But the note shows that Chimera's evil creators take things to a new low. In it, they claim that if they are not paid, they will publish the files on the Internet. It's not clear just yet whether the ransomware program does indeed siphon off the files, before or after encrypting them. But the threat itself could be enough to pressure organizations that do have backups into paying, because key files that have left the building illegally could constitute a very expensive data breach with all its highly unpleasant consequences.

In the first six months of 2015, the number of ransomware attacks equaled the total number in all of 2014. That shows you how widespread this problem is becoming for businesses of all sizes. It is entirely possible that you or someone in your organization will be held ransom at some point — a scenario that could have a devastating effect.

Update 11/23/2015 - Chimera does not seem to be active at the moment and seems dead. We will report if this monster "reincarnates" in another form.


