Over the past two weeks there has been a lot of press regarding the Chimera Ransomware and its threats to publish your data online. Even though this is a scary threat, the reality is that Chimera does not have the ability to publish your files anywhere.

This scare tactic, though, is not what makes the Chimera Ransomware interesting. Instead it is its novel approach to distributing decryption keys to paid victims using the Bitmessage peer-to-peer messaging application.

Unlike other ransomware infections, Chimera does not have a Tor site where victims can manage payments and download a decrypter. Instead, Chimera uses Bitmessage to carry the communication between the victim's computer and the malware developer, taking the place of a traditional command and control server. This creates a decryption service that is portable, hard to monitor, and difficult, if not impossible, to take down, because every peer in the network helps relay the keys.

To better understand how Chimera works we first need a quick primer on Bitmessage. Bitmessage is a peer-to-peer messaging application that allows a user to anonymously send encrypted messages that can only be decrypted by the intended recipient. A Bitmessage address is derived from the recipient's public keys, so a sender can encrypt a message to that address; the encrypted message is then not delivered to one host but relayed to every client on the Bitmessage peer-to-peer network. Each client that receives a message tries to decrypt it using its own private keys. If the decryption succeeds, the client knows the message was intended for it and shows it in the Inbox; otherwise the message is simply passed along to other peers. Since every message travels through every client connected to the network, the sender's location and identity are kept private; the only identifier involved is an address that carries no personal information.

Thanks to analysis done by Fabian Wosar of Emsisoft, we are able to see how Chimera uses Bitmessage as its communication method with the ransomware developer. When Chimera infects a computer, it uses an embedded PyBitmessage application to send the developer a Bitmessage containing information such as the victim's private key, the victim's hardware ID, and the bitcoin address assigned to the victim for payment.
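The delivery model described in the primer above, as an added example that is not code from this article, from Chimera or from PyBitmessage: a standard-library-only Python model in which a message is encrypted to the recipient's key, flooded to every peer, and each peer tries its own key on every object it relays. It uses the real secp256k1 curve but simplifies everything else: the address format (20 bytes of SHA-512 instead of Bitmessage's RIPEMD160/base58 encoding), the cipher (a SHA-256 keystream instead of AES-256-CBC), the address-to-public-key lookup (a local dictionary standing in for a getpubkey request), and the field names in the constructed "infection report" are all assumptions for illustration only.

```python
"""Model of Bitmessage-style delivery: encrypt to the recipient's public key,
flood the ciphertext to every peer, and let each peer try its own keys on it."""
import hashlib
import hmac
import secrets

# secp256k1 parameters (the curve Bitmessage actually uses).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def point_bytes(point):
    return point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")


def keygen():
    priv = secrets.randbelow(N - 1) + 1
    return priv, ec_mul(priv, G)


def address_of(pub):
    """Simplified address (assumption): a hash of the public key, so it is
    non-personal and cannot be reversed into the key itself."""
    return "BM-" + hashlib.sha512(point_bytes(pub)).digest()[:20].hex()


def keystream(key, length):
    """SHA-256 counter-mode keystream (simplification; Bitmessage uses AES-CBC)."""
    out = b""
    for counter in range(length // 32 + 1):
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
    return out[:length]


def derive_keys(shared_point):
    km = hashlib.sha512(shared_point[0].to_bytes(32, "big")).digest()
    return km[:32], km[32:]  # encryption key, MAC key


def encrypt(recipient_pub, plaintext):
    """ECIES-style: ephemeral ECDH, keystream encryption, HMAC-SHA256 tag."""
    r, R = keygen()
    enc_key, mac_key = derive_keys(ec_mul(r, recipient_pub))
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, len(plaintext))))
    tag = hmac.new(mac_key, point_bytes(R) + ct, hashlib.sha256).digest()
    return point_bytes(R) + ct + tag


def try_decrypt(priv, blob):
    """Return the plaintext if this private key opens the blob, else None.
    A wrong key yields a wrong MAC key, so the tag check fails and the peer
    learns nothing except that the object was not addressed to it."""
    R = (int.from_bytes(blob[:32], "big"), int.from_bytes(blob[32:64], "big"))
    ct, tag = blob[64:-32], blob[-32:]
    enc_key, mac_key = derive_keys(ec_mul(priv, R))
    expected = hmac.new(mac_key, blob[:64] + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, len(ct))))


class Peer:
    def __init__(self, name):
        self.name = name
        self.priv, self.pub = keygen()
        self.address = address_of(self.pub)

    def inbox(self, network):
        """Try this peer's key on every relayed object; keep only what opens."""
        return [pt for pt in (try_decrypt(self.priv, b) for b in network) if pt is not None]


def send(network, directory, to_address, plaintext):
    """Resolve address -> public key (a getpubkey lookup in real Bitmessage,
    a dict here), encrypt, and flood the object to every peer."""
    network.append(encrypt(directory[to_address], plaintext))


def demo():
    victim, developer, bystander = Peer("victim"), Peer("developer"), Peer("bystander")
    directory = {p.address: p.pub for p in (victim, developer, bystander)}
    network = []  # every object here is relayed to every peer
    # Constructed sample; field names are invented, not Chimera's real format.
    report = b"hwid=0123ABCD;btc=<payment address>;privkey=<victim key bytes>"
    send(network, directory, developer.address, report)
    tampered = bytearray(network[0])
    tampered[64] ^= 1  # flip one ciphertext byte: the MAC must reject it
    network.append(bytes(tampered))
    return {"developer": developer.inbox(network), "bystander": bystander.inbox(network),
            "victim": victim.inbox(network), "objects_relayed": len(network)}


if __name__ == "__main__":
    print(demo())
```

Two points the model makes concrete: the bystander and the victim relay the object but cannot read it, and a relaying peer that tampers with it produces an object that nobody accepts. Real code must additionally check that the received `R` is a valid point on the curve before using it.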