Skip to main content

New ransomware surprises victims with its affiliate program

A hacker inputting code into a system.
Image used with permission by copyright holder
Roll up, roll up, who wants to make some money ruining the prized memories of computer users around the world? You do? Well you’re in luck, as the nefarious individuals behind the ransomware “Chimera,” have placed an advert in their latest creation, offering anyone affected by its software to join its affiliate program and help spread the wondrous destruction of the malware.

In many ways the Chimera ransomware is quite typical. Once a machine is infected, it hunts out potentially important documents, images and files and encrypts them, only offering to give the decryption key if the affected user pays up. It does however go one step further and states that if the user holds out and doesn’t pay, the content may be posted online for all to see.

That sort of threat could be specifically damaging for businesses or those with skeletons in their digital closet.

But it’s the affiliate scheme that really makes this bit of malware stand out. The call for new proliferators of the nasty software is buried in the base of the screen that pops up following infection. Along with a notice that you have been infected with the Chimera Ransomware, a Bitcoin address and a demand for a certain amount of the digital currency, is a small note encouraging anyone interested to check the source code for information on how to join the exciting affiliate team.

Related: Buggy ransomware permanently encrypts files on accident 

Buried in the back end is information that will help you get set up as a ransomware distributor. It even sounds like a good deal, with the creators offering as much as 50 percent commission for anyone that joins up. Of course, you risk detection and arrest if you aren’t careful, and you’d be potentially inflicting horrible stress on those affected. But hey! 50 percent!

According to Trend Micro, this tempting offer may not be worth it, as the chances of detection should you sign up are increased. This particular bit of malware is relatively easy to detect and doesn’t have much in the way of obfuscation to prevent your identity as the originator.

So, no — it’s not a good idea to sign up as a malware affiliate.

Editors' Recommendations

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
Notorious ransomware gang Conti shuts down, but not for good
Conti ransomware group logo.

The ransomware group known as Conti has officially shut down, with all of its infrastructures now offline.

Although this might seem like good news, it's only good on the surface -- Conti is not over, it has simply split into smaller operations.

Read more
Ransomware gangs are evolving in new and dangerous ways
Silhouette of male hand typing on laptop keyboard at night.

With digital technology growing at a rapid pace, ransomware gangs and their methods continue to advance at an aggressive rate as well.

This observation was detailed by cybersecurity and antivirus giant Kaspersky via a new report, highlighting fresh ransomware trends that have materialized throughout 2022.

Read more
This researcher just beat ransomware gangs at their own game
A digital depiction of a laptop being hacked by a hacker.

A security researcher has discovered key flaws pertaining to popular ransomware and malware -- a state of affairs that could lead to their creators entirely rethinking the approach to infiltrate potential victims.

Currently, among the most active ransomware-based groups are the likes of Conti, REvil, Black Basta, LockBit, and AvosLocker. However, as reported by Bleeping Computer, the malware developed by these cyber gangs has been found to come with crucial security vulnerabilities.

Read more