
Quimera Ransomware

Posted: January 10, 2020

The Quimera Ransomware is a file-locker Trojan that can keep your media content from opening by encrypting it. The Quimera Ransomware instigates this attack out of hope of extorting ransom money from the victim in return for a possible unlocking solution. Because of the questionable reliability of such services, users should establish backups for protecting their files appropriately while using anti-malware tools for deleting the Quimera Ransomware as soon as practical.

Chimeric Troubles for Reckless Windows Users

An early sample of a Trojan, possibly in-progress, is showing yet another 'independent' file-locking threat for 2020 – right next to competing ones like the Freeme Ransomware and the similarly new BitPyLock Ransomware family. Although the Quimera Ransomware's name comes from Spanish, its anticipated victims aren't residents of Spain, Mexico, or other nations where Spanish is a national language. The targets are, as usual, English speakers, with the criminal in question hoping for a gain in Bitcoins out of blocking data.

The Quimera Ransomware could be unfinished, so far, since it's missing one of the most common features among its kind: an added file extension that visually identifies the content it blocks. Other than that significant hole in its payload, the Quimera Ransomware has the usual functions of a file-locking Trojan, including blocking documents and similar content by encrypting each file's data, and leaving a Notepad ransom note for the victim's 'benefit.' The Trojan is a Windows program and, like most of these Trojans, has an executable of less than a megabyte.
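Since this sample adds no extension to the files it locks, triage has to look at content rather than file names. The sketch below is an added example, not part of the original article or any vendor's tooling; it assumes locked files keep their names but lose their format header and read as high-entropy data, and the `MAGIC` table, the 7.5 threshold, and all function names are choices made for this example.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Leading "magic" bytes expected for a few common document and media extensions.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n",
         ".jpg": b"\xff\xd8\xff", ".docx": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 read as random (encrypted or compressed) data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: Path, sample: int = 65536, threshold: float = 7.5) -> bool:
    """True when a file of a known type has lost its header and reads as random bytes."""
    magic = MAGIC.get(path.suffix.lower())
    if magic is None:
        return False  # no header expectation for this type, so it is not judged
    with path.open("rb") as fh:
        head = fh.read(sample)
    # Assumption: the locker encrypts from the first byte, destroying the header.
    return not head.startswith(magic) and shannon_entropy(head) >= threshold

def scan(root: Path) -> list[str]:
    """Return relative paths of files under root that look encrypted in place."""
    hits = []
    for path in root.rglob("*"):
        try:
            if path.is_file() and looks_encrypted(path):
                hits.append(str(path.relative_to(root)))
        except OSError:
            continue  # unreadable file: skip rather than abort the triage
    return sorted(hits)

def demo() -> list[str]:
    """Constructed sample: an intact PDF beside a .pdf file holding only random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "intact.pdf").write_bytes(b"%PDF-1.4\n" + b"constructed sample\n" * 200)
        (root / "locked.pdf").write_bytes(os.urandom(65536))
        (root / "notes.txt").write_bytes(os.urandom(4096))  # unknown type, not judged
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Very small files cannot reach the entropy threshold and are not flagged, so treat the result as a triage list to compare against backups rather than a complete inventory.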

The name of the Quimera Ransomware is a Spanish translation of the word 'chimera,' which refers to a multi-headed Greek monster – as well as an arts festival, a prototype electric car, and a rollercoaster, likely coincidentally. The English note that it creates doesn't identify the Trojan by name, however, and is fairly generic. It asks for 0.04 Bitcoins to a wallet address that malware experts verify as being active, although the transaction history shows no ransom payments, fortunately.

Maintaining a Haven for Files against Monstrous Rampages

There are no reasons for presuming that the Quimera Ransomware is anything less than new, since malware experts see no cases of attacks in 2019, and all internal file information suggests a recent compilation in January of 2020. However, its author has made little headway into obfuscating the Trojan's threatening nature, and most security products are detecting it through behavioral, generic flags. Many products are flagging it as a variant of the Ulises Trojan.

The Quimera Ransomware is a 32-bit Windows program, but many file-locker Trojans are targeting other environments with equal ease. Users should protect their work preemptively by saving another backup to a location that the Quimera Ransomware can't access, preferably one with additional password protection. Users can also test their luck with free decryption software or with recovering the Shadow Volume Copy-based Windows backups, which many, but not all, Trojans will delete.

Paying the Bitcoin ransom will put the victim out of pocket for hundreds of USD in value (as per current exchange rates) – for, potentially, no benefit. Users should always treat this Trojan as a threat and quarantine or delete the Quimera Ransomware through appropriate anti-malware applications.

The Quimera Ransomware has a reasonably intimidating name for a Trojan whose payload does little that is different from the thousands of Trojans before it. One more digital monster on the field makes Windows an unsafe place for a file to be – unless there's a backup to fall back onto and regroup.
