People conducting cyberattacks have a new method of attacking users. Their latest technique involves forcing victims to either pay a ransom or else they will have their data published online for everyone to see. The phenomenon is known as ransomware.
The attackers attract victims by offering jobs and lucrative business propositions. Once the victims are lured in, they are tricked into downloading a malicious program named Chimera. Once the program is activated, it hacks into the network drives of compromised Windows computers.
After the attackers obtain valuable information, they threaten their victims to either pay up or be exposed. The result is full-blown cyber blackmail.
However, it’s still unknown if the criminals can actually deliver on these threats. At the present time, there is no evidence that personal data has been posted onto the internet by cyber criminals.
It has been confirmed that the scam has been taking place in Germany over the past few weeks.
Manager of security research at AppRiver Troy Gill said, “While this specific threat is a new addition to the crypto ransomware malware family, it is in perfect keeping with typical malware attacks. Making threats is the name of the game when it comes to ransomware or 'scareware.”
Still, Gill is not very concerned about these most recent threats.
He explained, “However, I think it is very unlikely that the victim is in any real danger of having their actual documents posted online. With all instances of cryptographic ransomware that we have observed in the past few years, all have simply encrypted the user’s files on their machine. None have shown any evidence that the documents were ex-filtrated from the victim’s machine. Doing so would be a significant increase in risk for the attacker with much less reward.”
Many experts have said that Chimera is basically a variant of the malicious software CryptoLocker with the addition of a scareware element.
However, Gill does acknowledge that the new tactic will become more widespread if it proves to increase the effectiveness of the attackers. Time will tell if this new technique will work.
For now, people are advised to maintain data backups and run current security software in order to prevent any damage that might be done. Using common sense on the internet is also important.