
Quimera Ransomware

Security experts have uncovered a new Trojan whose purpose is to encrypt users' data and extort them for money. The name of this new threat is Quimera Ransomware. After studying the Quimera Ransomware, researchers noticed that this new data-locking Trojan bears significant similarities to another threat of this type that has already emerged, the Pashka Ransomware. To achieve maximum damage, the Quimera Ransomware will make sure to encrypt as much data as possible once it infiltrates the target's system.

Propagation and Encryption

Cybercriminals who distribute ransomware threats often rely on spam emails. Normally, the email consists of an infected attachment and a fraudulent message designed to convince the user to open the attached file. Torrent trackers, bogus software updates and downloads, and bogus pirated media and applications are also among the most popular methods of distributing ransomware threats.

As soon as the data-locking Trojan successfully infiltrates the targeted machine, it will encrypt the files present on it. Most ransomware threats append an additional extension to the affected files' names or even scramble their names completely. However, the Quimera Ransomware operates differently. This data-encrypting Trojan does not alter the names of the affected files, which makes it impossible for the user to tell whether a file has been locked or not; the only way to determine this is to attempt to open the file in question.

The Ransom Note

Once the encryption process is complete, the Quimera Ransomware will drop a ransom note on the user's desktop. The attackers' ransom message is contained within a file named 'HELP_ME_RECOVER_MY_FILES.txt.' In the ransom note, the attackers state that the ransom fee is 0.04 Bitcoin, which is about $320 at the time of typing this post. To get in touch with the attackers, the victim is told to contact them via email at 'unlockransomware@protonmail.com.'
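Because the file names stay unchanged, triage has to inspect file contents instead. The following added example (not part of the original article or of any vendor tool) searches a directory tree for the ransom note named above and flags files whose leading bytes no longer match the signature their extension implies. The signature table, the 7.5 bits-per-byte entropy threshold, and the premise that locked files look like random data are assumptions of the example; the article does not describe the encryption scheme.

```python
import math
import os
import sys
from collections import Counter

NOTE_NAME = "HELP_ME_RECOVER_MY_FILES.txt"  # ransom note name from the article
# Leading signatures for a few common formats (assumed table, not exhaustive).
MAGIC = {
    ".pdf": (b"%PDF-",), ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".zip": (b"PK\x03\x04",), ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",),
}

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536, threshold=7.5):
    """Return 'ok', 'suspect', 'mismatch' or 'unknown' for one file."""
    sigs = MAGIC.get(os.path.splitext(path)[1].lower())
    if sigs is None:
        return "unknown"  # no signature to compare against
    try:
        with open(path, "rb") as fh:
            head = fh.read(sample)
    except OSError:
        return "unknown"  # unreadable; needs manual review
    if head.startswith(sigs):
        return "ok"
    # Header gone: random-looking content suggests encryption (assumption).
    return "suspect" if entropy(head) >= threshold else "mismatch"

def triage(root):
    """Walk root; return (ransom note paths, [(path, status)] of flagged files)."""
    notes, flagged = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name == NOTE_NAME:
                notes.append(full)
            elif (status := classify(full)) in ("suspect", "mismatch"):
                flagged.append((full, status))
    return notes, flagged

if __name__ == "__main__":
    notes, flagged = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("ransom notes:", notes, "\nflagged files:", flagged)
```

Files of only a few hundred bytes cannot reach the entropy threshold, so they are reported as 'mismatch' rather than 'suspect' and need a manual look.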

It is advisable to avoid any communication with the authors of malware. The creators of the Quimera Ransomware are cybercriminals who are not to be trusted. They promise to provide users with a decryption tool as soon as the demanded ransom fee is paid, but there is no guarantee that the cyber crooks will keep their word. This is why it is safer to consider installing a genuine anti-malware solution that will help you remove the Quimera Ransomware.
