The creators of “Petya” and “Mischa” ransomware leaked around 3,500 RSA private keys for the rival software, Chimera. The keys were allegedly from victims’ systems infected by the Chimera ransomware.
Mischa’s developers claim earlier this year they got access to big parts of the dev system used by the malware coder team who created Chimera. After the hack, the rival gang obtained the source code for Chimera and integrated some of it into their own ransomware project, according to a Pastebin message. Malwarebytes, an internet security company, already confirmed this fact in their report last month where they said Mischa shares “some components” with Chimera.
There’s no official confirmation yet that the leaked RSA keys would actually work in decrypting the files in Chimera-infected systems, however, there’s a big chance that they are legitimate. Malwarebytes researchers made this statement in their blog post:
“Checking if the keys are authentic and writing a decryptor will take some time – but if you are a victim of Chimera, please don’t delete your encrypted files, because there is a hope that soon you can get your data back.”
Chimera appeared in November, and it differs from other types of ransomware; it threatens the victims