CHIP Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 80 % (High) |
Infected Computers: | 5 |
First Seen: | November 22, 2016 |
Last Seen: | March 24, 2020 |
OS(es) Affected: | Windows |
The CHIP Ransomware is a ransomware Trojan that is being distributed using the RIG Exploit Kit, also known as the Empire Exploit Kit. It is a new addition to this exploit kit's arsenal. The CHIP Ransomware itself is not particularly unique and is clearly derived from various other ransomware Trojans that have been active in the last year.
Table of Contents
How the CHIP Ransomware may be Installed on a Victim’s Computer
Most ransomware similar to the CHIP Ransomware is being distributed using corrupted spam email campaigns, making the CHIP Ransomware attack particularly threatening. The CHIP Ransomware is injected into the victim's computer by an exploit kit that takes advantage of vulnerabilities in the victim's applications and operating system. Exploit kits can be used to distribute a wide variety of threats. The Empire or RIG Exploit Kit had already been active for some time. In this case, the RIG Exploit Kit has been used to distribute the CHIP Ransomware, injecting it into the victim's computers.
When the CHIP Ransomware infects a computer, it will download a unique RSA-512 encryption key from the CHIP Ransomware's Command and Control servers. This key is used to encrypt the AES encryption key that was used to encrypt the victim's files. This two-step encryption procedure is typical of these encryption ransomware Trojans and is part of the reason why they can be so difficult to deal with. The CHIP Ransomware is designed to encrypt the victim's files, adding the extension '.CHIP' to each file that has been encrypted. This is also typical of these types of attacks.
How the CHIP Ransomware Attack Works
The CHIP Ransomware attack is typical of ransomware Trojans. Essentially, the CHIP Ransomware extorts the victim by taking the victim's files hostage, encrypting them so that they are no longer accessible. The CHIP Ransomware will then demand the payment of a ransom after dropping a text file named 'CHIP_FILES.txt,' which alerts the victim of the attack and instructs the victim on how to pay the ransom. Victims of the CHIP Ransomware are asked to pay through TOR to remain anonymous, and are asked to leave an ID number and a message. It is not known how much money the CHIP Ransomware demands to restore the victim's files currently. Unfortunately, due to the strength of the encryption method that is being used, it is very unlikely that computer users will be able to recover from a CHIP Ransomware attack without the decryption key. Because of this, prevention is essential in dealing with the CHIP Ransomware and other ransomware Trojans.
Further Details Associated with the CHIP Ransomware and the RIG-E Exploit Kit
There are several versions of the RIG Exploit Kit. The CHIP Ransomware is associated with the 'Empire' version of this threat. This exploit kit is known for using a strong obfuscation method to prevent computer security specialists from studying its attack in details. This exploit kit will change its payloads regularly, with the CHIP Ransomware payload being used in November of 2016. It is likely that this payload will be switched out for a different type of attack in variants of this exploit kit.
Preventing the CHIP Ransomware Attacks
The best way to deal with the CHIP Ransomware is to prevent the attacks by having backups of all files. PC security researchers strongly advise computer users to backup their files regularly. Threats like the CHIP Ransomware will target all local drives, shared drives, and removable memory devices on the infected computer. If there are backups of the encrypted files, then computer users can recover quickly by replacing the infected files with the backups after the CHIP Ransomware infection itself has been removed. If no backups exist, then it may not be possible to decrypt the files encrypted by the CHIP Ransomware.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.