When ransomware authors compete on the black market, sometimes victims benefit. This time we got access to private keys of the Chimera ransomware. They have been leaked online and shared by another cybercriminal – known for being the author of Petya.
The person under the handle JanusSecretary, made a public announcement on Twitter today:
In the linked message, he admits using parts of the Chimera sourcecode in his Mischa ransomware:
However, as we can conclude from his message, he is not its author but rather a Chimera team’s competitor. That’s why he decided to share the private keys of their product, allowing some of the victims to recover their encrypted files. You can find the mirror of the dump here.
Checking if the keys are authentic and writing a decryptor will take some time – but if you are a victim of Chimera, please don’t delete your encrypted files, because there is hope that soon you can get your data back.
UPDATE: our analysis of the leaked keys and decrypting Chimera ransomware
Appendix
/blog/threat-analysis/2015/12/inside-chimera-ransomware-the-first-doxingware-in-wild/