{"id":8721,"date":"2015-11-05T16:32:29","date_gmt":"2015-11-05T20:32:29","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8721"},"modified":"2015-11-05T16:32:29","modified_gmt":"2015-11-05T20:32:29","slug":"nasty-new-ransomware-program-threatens-to-leak-your-files-online","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/05\/nasty-new-ransomware-program-threatens-to-leak-your-files-online\/","title":{"rendered":"Nasty new ransomware program threatens to leak your files online"},"content":{"rendered":"<p><a href=\"http:\/\/www.pcworld.com\/author\/Lucian-Constantin\/\" rel=\"author\">Lucian Constantin<\/a> | <a href=\"http:\/\/www.pcworld.com\/article\/3002119\/encryption\/new-ransomware-program-chimera-threatens-to-leak-user-files.html\" target=\"_blank\">PCWorld<\/a><\/p>\n<p>Ransomware creators have taken their extortion one step further: in addition to encrypting people\u2019s private files and asking for money before releasing a key, they now threaten to publish those files on the Internet if they\u2019re not paid.<\/p>\n<p>This worrying development has recently been observed in a new ransomware program dubbed Chimera that was documented by the Anti-Botnet Advisory Centre, a service of the German Association of the Internet Industry.<\/p>\n<p>The attackers behind this new threat target mainly businesses by sending rogue emails to specific employees that masquerade as job applications or business offers. The emails contain a link to a malicious file hosted on Dropbox.<\/p>\n<p>Once Chimera infects a computer it starts encrypting the local files. After the first reboot it displays a ransom note on the user\u2019s desktop. The attackers ask for a payment of around 630 euro in Bitcoin in order to provide the decryption key.<\/p>\n<p>Up to this point, the process is similar to that followed by other ransomware programs. However, Chimera\u2019s creators have taken their intimidation attempts to a new low. In their ransom note they claim that if they\u2019re not paid they will publish the user\u2019s files on the Internet.<\/p>\n<p>There\u2019s no evidence that any victim\u2019s personal data has yet been released online, the German Anti-Botnet Advisory Centre said in a <a href=\"http:\/\/blog.botfrei.de\/2015\/11\/chimera-ransomware-focuses-on-business-computers\/\" target=\"_blank\">blog post<\/a>.<\/p>\n<p>It\u2019s not clear if the ransomware program does indeed siphon off user files before or after encrypting them. But the threat could be enough to scare even users who have backups into paying.<\/p>\n<p>Ransomware programs typically encrypt data locally and don\u2019t upload it to command-and-control servers because that would require a lot of storage space, even if attackers restrict the theft to certain file types such as pictures.<\/p>\n<aside id=\"\" class=\"nativo-promo smartphone tablet desktop\"><\/aside>\n<p>But the prospect of this happening in the future is scary, as it would pose a major privacy risk to businesses and consumers alike.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lucian Constantin | PCWorld Ransomware creators have taken their extortion one step further: in addition to encrypting people\u2019s private files [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7],"tags":[655,888],"class_list":["post-8721","post","type-post","status-publish","format-standard","hentry","category-security","tag-malware","tag-ransomware"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-2gF","jetpack-related-posts":[{"id":2939,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/07\/15\/ransomware-targets-smaller-businesses-security-ceo-warns\/","url_meta":{"origin":8721,"position":0},"title":"Ransomware targets smaller businesses, security CEO warns","author":"NCCT","date":"July 15, 2013","format":false,"excerpt":"Trending cyber attacks such as ransomware may be typically overlooked by small and midsize businesses, but the CEO of security firm Lumension warns that they are actually in the line of fire. Pat Clawson, LumensionPat Clawson Around the world, ransomware has been proved to be effective in midsized business environments\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8920,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/17\/8920\/","url_meta":{"origin":8721,"position":1},"title":"Tech support scammers now utilizing ransomware-like lock screens to threaten people","author":"NCCT","date":"May 17, 2016","format":false,"excerpt":"By Justin Luna | Neowin Some of us may be very well aware of the classic tech support scam stories, where a man randomly calls people, and informs them that they are from \"Windows company\" and that the call recipient's computer has been detected full of viruses. These cold callers\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9168,"url":"https:\/\/nccomputertech.com\/techtalk\/2017\/05\/21\/fix-for-wannacry\/","url_meta":{"origin":8721,"position":2},"title":"Fix for WannaCry","author":"NCCT","date":"May 21, 2017","format":false,"excerpt":"https:\/\/www.youtube.com\/watch?v=Llf04BW5v3A Megan Morrone talks to Iain Thomson about a possible fix for those infected with the Wannacry ransomware. Researchers have found a fix to unlock affected computers. The tool called wannakiwi allows you to avoid paying the bitcoin ransom, but only if you're running Windows XP, Windows 7, and Windows\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/Llf04BW5v3A\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9166,"url":"https:\/\/nccomputertech.com\/techtalk\/2017\/05\/15\/this-week-in-tech-614-46-at-the-piggly-wiggly\/","url_meta":{"origin":8721,"position":3},"title":"This Week in Tech 614: $46 at the Piggly Wiggly","author":"NCCT","date":"May 15, 2017","format":false,"excerpt":"https:\/\/www.youtube.com\/watch?v=d3Br2lZcce0 The WannaCry ransomware attack is far from over. Amazon introduces the Echo Show - will the touchscreen voice assistant\/videophone flop? Microsoft announces their own voice assistant, the Cortana Speaker. The US plans to ban laptops on flights from Europe. Comcast and Charter agree not to compete on wireless. Russian\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/d3Br2lZcce0\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9210,"url":"https:\/\/nccomputertech.com\/techtalk\/2017\/07\/09\/this-week-in-tech-622-running-for-human\/","url_meta":{"origin":8721,"position":4},"title":"This Week in Tech 622: Running for Human","author":"NCCT","date":"July 9, 2017","format":false,"excerpt":"https:\/\/youtu.be\/IJp_uFA_-tU Huge pro-Net Neutrality protests planned for this week. The first Tesla Model 3 rolled off the line on Friday. Sexual Harassment in Silicon Valley. The Nokia 3310 Trump\/Putin \"Caviar\" phone costs $2500. the iPhone 8 might use facial recognition instead of Touch ID. Merck shut down by Petya ransomware.\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/IJp_uFA_-tU\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":5625,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/05\/29\/truecrypt-is-not-secure-official-sourceforge-page-abruptly-warns\/","url_meta":{"origin":8721,"position":5},"title":"\u201cTrueCrypt is not secure,\u201d official SourceForge page abruptly warns","author":"NCCT","date":"May 29, 2014","format":false,"excerpt":"One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn't safe to use. \"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,\" text in red at the top\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8721","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=8721"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8721\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=8721"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=8721"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=8721"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}