All's fair in love and ransoming peoples' files for bitcoins.
Image: Flickr/Christiaan Colen.
Ransomware, the strain of malware which cryptographically locks a victim's hard drive until they pay the author an electronic ransom, is super popular among cybercriminals right now. The strategy is so successful, in fact, that some ransomware-makers have apparently begun sabotaging each other's ransomware to try and take out their competition.
Earlier this week, 3,500 keys for a ransomware known as "Chimera" leaked online, purportedly allowing anyone targeted by it to safely decrypt their ransomed files without having to pony up bitcoins. The decryption keys were apparently posted by the authors of a rival ransomware package called Petya and Mischa, who claimed they had hacked Chimera's development system, pilfered the keys, and stolen parts of the code.
"Earlier this year we got access to big parts of their deveolpment [sic] system, and included parts of Chimera in our project," the authors write in a post on Pastebin. "Additionally we now release about 3500 decryption keys from Chimera."
Chimera is a particularly nasty strain of ransomware which not only locks a victim's hard drive but threatens to leak their private files online if the ransom isn't paid. It's still not clear whether the supposedly-leaked keys will actually decrypt machines affected by the malware, however—the security firm MalwareBytes, which first noticed the leak, says that verifying all the keys will take some time.
In any case, Petya and Mischa's authors seem to have timed the leak to promote their own ransomware, which is based on the stolen Chimera code and is now being offered as a service to any two-bit cybercriminal willing to shell out bitcoins for it.
The in-fighting seems to indicate another significant, albeit predictable shift in the criminal hacking economy. Previously, ransomware authors have expressed anger at a recent rash of fake ransomware, which display scary messages but don't actually lock or unlock a victim's hard drive when the ransom is paid; the thinking is that enough of this fake ransomware could cause people to stop believing they can get their files back when they're hit with the real thing, endangering future profits.