Chimera ransomware encrypts files and publishes private data on the internet

In Germany a new type of ransomware has been discovered that not only encrypts files but also locks the system and threatens to publish sensitive data, photos and videos on the internet. The ransomware is called Chimera and targets mainly companies.


Through emails with fake job postings, job applications and contracts users are seduced to open a file hosted on Dropbox. The file is the actual ransomware that encrypts all kinds of files on the computer. The ransomware also searches for network drives. Once the files are encrypted, the Chimera ransomware locks the system and shows a message that contains instructions on how to get the files back.

The message states in German: “You have become the victim of the Chimera malware. Private data is encrypted and without a special key file can’t be recovered. Some applications possibly no longer work properly. We ask you to pay Bitcoins to the address below to get your personal key file.”

Victims are asked to pay 2.45267544 Bitcoin which equals $700 or €630. The message also mentions that when users don’t pay personal data, photos and videos with the name of the victim are published on the internet.

It’s the first time ransomware was found that also steals and threatens to publish personal data. So far it’s unknown whether Chimera will release publish the data. The developers of the ransomware also offer an affiliate program. Other cybercriminals that are able to infect users with Chimera are offered a commission.