Several ransomware decryption keys appear to have been leaked over the Internet recently, exposing the proper keys to decrypt files that were encrypted for the purpose of demanding ransom fees from victimized computer users.
The author of the Mischa and Petya family of ransomware has leaked the decryption keys for the rival Chimera Ransomware. Chimera is among an extensive list of ransomware that appeared in 2015. It has since evolved to not only encrypt files on infected computers but also offer an affiliate program for other crooks who want to earn money by distributing the malware.
Recent ransomware infections have been known to conduct malicious activity that leaves an infected computer nearly useless for performing various functions. Once crypto-ransomware has encrypted files, it displays a notification that attempts to extort money from computer users as part of a ransom scheme. To decrypt the files encrypted by ransomware, computer users are coerced into paying a ransom fee that usually amounts to several hundred dollars. Paying the ransom ultimately yields a decryption key, a specialized code that will unlock and decrypt the files that were originally encrypted by the ransomware. Recently, cybercrooks have uncovered and exposed several decryption keys that will unlock rival ransomware, as in the case of Chimera.
By providing a free decryption key for Chimera ransomware, the author of Mischa and Petya has effectively given computer users victimized by Chimera a way to recover their encrypted files without paying the usual ransom. As a result, Chimera and its creator may not bring in the money that they hoped for from their ransom schemes.
The decryption keys for Chimera were posted on the Dark Web by Twitter user Janus, who is also the operator of the Dark Web's RaaS (Ransomware-as-a-Service) portal. Janus claimed that he gained access to the infrastructure behind Chimera, where he stole parts of the source code. The code was also used for his Mischa ransomware.
In an effort to ruin the business of competitors, Janus uploaded Chimera ransomware's private decryption keys, which means that computer users victimized by Chimera will no longer need to pay the ransom to decrypt their files.
Some suspect that Janus is leaking the keys to Chimera to draw attention to his Mischa and Petya RaaS, which was coincidentally released hours before the decryption keys for Chimera were exposed.
There have been other occurrences in the past where cybercrooks battled other hackers to capitalize on additional business, which granted them a larger payday at the expense of more victimized computer users. Fortunately, those infected with Chimera Ransomware will have a means of avoiding the substantial ransom fee: they can use the "free" decryption keys to unlock their computers and decrypt their files.