The world of hacking has always been a little volatile and wily, to say the least, but the creators behind a new piece of ransomware called Chimera have really outdone themselves, with a 'referral' program designed to further propagate their exploit.
Like any piece of ransomware, Chimera infects your computer and locks you out of your files, pending payment of a hefty ransom (in this case, 2.4 bitcoins or $865) to the team behind it. What makes this particular malware so deserving of its name, that of the multifaceted fire-breathing monster that so terrified the ancient Greeks, is its inclusion of multiple - and dare I say, innovative - means of not only further exploiting victims but also drawing them into its world of crime.
First off, unlike most similar exploits, Chimera will not only lock you out of your files but - if a payment is not made within the pre-determined time - also release them online, for anyone to peruse at their leisure. There is, however, no evidence of anyone's details being made public as of yet, and security firm Trend Micro even calls into question whether the software has that capability to begin with. Even if the threat is untrue, loss of privacy is certainly an effective scare tactic and is likely to make victims more willing to comply with the extortionists' demands.
What really sets Chimera apart though - and proves the genius of the criminals behind it - is the accompanying 'referral' program. Embedded within the ransom demand is a link to the source code, allowing victims to connect with those behind the attack and "take advantage of...[their] affiliate program". Those who are so inclined can transmit Chimera to others and earn as much as 50% of all returns. Why pay when you can be paid, I suppose? Making the affiliate program even more lucrative for the hackers is the fact that it adds an extra layer between any potential victims and the masterminds behind the scheme, distancing them from the crime and possibly even adding a 'crowdsourcing' aspect to the whole affair.
The exploit was first noticed among users in Germany and has been making the rounds through fake job applications and business offers. There are now indications that the Bitmessage address used by paying victims to reclaim their files has gone quiet, perhaps a sign that the people behind it may have moved on - or perhaps they've simply wised up and changed their domain.