Home Malware News Chimera Ransomware Creators Offer Unrealistic Affiliate Program to Perpetuate Malware

Chimera Ransomware Creators Offer Unrealistic Affiliate Program to Perpetuate Malware

Posted: December 4, 2015

chimera ransomware affiliate programRansomware has been one of the most aggressive and destructive malware threats of 2015. With 2016 on the horizon, ransomware creators are looking to ramp up their efforts to spread their malware creations to new, unprecedented levels by offering affiliate programs, which permit others to spread the Chimera Ransomware threat and earn a portion of its ransom fee earnings.

Chimera Ransomware is among the long growing list of encryption-type ransomware threats that are known for their actions of encrypting files and data stored on an infected computer. In light of how highly effective ransomware like Chimera is to hold a victimize computer user's system for ransom, its creators are giving others the ability to offer the Chimera Ransomware code as a service to essentially sell or spread onto other computers.

Not only are the creators of Chimera Ransomware offering an affiliate program, but the program is a ransomware-as-a-service (RaaS) deal. With the RaaS deal, those victimized by Chimera Ransomware are given a chance to resell Chimera. Discovered by Trend Micro, is the code for Chimera Ransomware where it enables secret message exchanges between two people through P2P connections. It is believed that through the communications, which may be initiated by clicking on the message at the bottom of Chimera Ransomware's threat message offering an affiliate program, the messenger connection will be initiated.

The message at the bottom of Chimera Ransomware, "Take advantage of our affiliate-program!," can be shown in figure 1 below, which is a clickable link that loads windows including instructions to "join" the ransomware creators.

Figure 1. Chimera Ransomware threat message with affiliate program offer link at the bottom.
chimera ransomware affiliate program offer

Researchers discovering Chimera Ransomware's affiliate offering are puzzled by its ultimate goal in the whole situation, and rightfully so considering that Chimera has a high 50% commission rate that must be paid by the new affiliate user. Moreover, there are other malware application platforms that only require a 10% fee, which leaves Chimera in a category of its own where it may not see much success.

Anthony Joe Melgarejo, Threat Response Engineer for Trend Micro, who first made the discovery of Chimera Ransomware's affiliate offering's code, says, "Selling ransomware as a service allows creators to enjoy some profit without the increased risk of detection." Melgarejo further explains on the Trend Micro blog in his discussion about Chimera Ransomware recruiting victims, "Peddling ransomware as a service (or RaaS) has some advantages. RaaS lessens the possibility of the illegal activity being traced back to the creators."

Essentially, offering an affiliate program to victimized computer users surrounding the current state of Chimera Ransomware is quite unrealistic and could have detrimental consequences for both the creators and end-users.

With the massive propagation of new encryption-type ransomware threats as of late, we believe threats like Chimera Ransomware would do fine on their own without the confusion of a limited-profit affiliate program. However, even though we think that Chimera Ransomware's affiliate program won't get off of the ground to see the light of day, it could later evolve into some other type of offer to entice those victimized by ransomware. Just think, your computer gets a nasty ransomware threat that asks for a payment of $500 to decrypt your files and then counters the offer with the chance to re-sell and spread the threat for a small profit. Most people are going to spark an interest in the latter choice.

Loading...