In recent years, ransomware attacks have become all too common. They damage computer systems, bring inconvenience to their victims, and exact a heavy toll on our shared digital economy. In this article, we discuss a new entrant in the ransomware field, called Quimera.
How Does the Quimera Ransomware Behave?
Like other ransomware strains, the Quimera ransomware encrypts the files and folders of its victims and demands a ransom payment of 0.04 bitcoins.
But despite this shared modus operandi with other ransomware entities, Quimera also has features that make it stand out. The first is that not only does it encrypt files, but the malware creators also threaten to post them online if the ransom is not paid. As you can imagine, this can be very unnerving for corporate entities and individuals with things to hide.
That said, to clarify things, cyber-security researchers have noted that the threat to post files and folders on the internet is likely a bluff, as the Quimera ransomware lacks the capability to siphon the victims’ files to a command-and-control server. The only information it has been observed to send is the generated victim ID, bitcoin address, and the private key.
Another standout feature of Quimera is that it invites its victims to be part of its affiliate program. That is to say, it is operated as Ransomware-as-a-Service (RaaS). And while many ransomware strains are operated in the same way, only Quimera invites its victims to buy into the scheme. The invitation to take part in the RaaS scheme is contained in the source code of the malware. It is also explicitly stated in the “HELP_ME_RECOVER_MY_FILES.txt” file that the ransomware leaves behind.
Here is an image of the ransomware text:
A look at the source code does indeed reveal that the scheme is serious business as it contains a Bitmessage address through which interested parties can contact the creators of Quimera. Here is a screenshot of the source code showing the offer:
As you can see, the malware creators request 50% of all profits resulting from successful ransomware attacks. This arrangement makes the RaaS model very attractive to people from all walks of life. One can even imagine an IT professional who intentionally infects a company’s computers with his insider knowledge and access, knowing that the company executives will most likely agree to pay the ransom amount that will in turn benefit him.
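A triage check built on the ransom note filename named above, added here as an example and not taken from the original article or from any vendor tool: it walks a directory tree for the note and lists files in the same folder that were modified within a few minutes of it. The function names and the 10-minute window are assumptions, as is the premise that the note is dropped close in time to the encryption.

```python
import os
import sys

# Ransom note filename as given in the article.
NOTE_NAME = "HELP_ME_RECOVER_MY_FILES.txt"


def find_notes(root):
    """Return sorted paths of ransom notes under root (case-insensitive, as on NTFS)."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            if name.lower() == NOTE_NAME.lower():
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def files_changed_near(note_path, window_minutes=10):
    """List files beside the note whose mtime falls within the window around the note's.

    Assumption: the note is written during the same run that rewrites the files.
    """
    note_mtime = os.path.getmtime(note_path)
    window = window_minutes * 60
    changed = []
    for entry in os.scandir(os.path.dirname(note_path)):
        if not entry.is_file(follow_symlinks=False):
            continue
        if entry.name.lower() == NOTE_NAME.lower():
            continue
        if abs(entry.stat(follow_symlinks=False).st_mtime - note_mtime) <= window:
            changed.append(entry.name)
    return sorted(changed)


def triage(root, window_minutes=10):
    """Map each directory holding a note to the files likely touched in the same run."""
    return {os.path.dirname(note): files_changed_near(note, window_minutes)
            for note in find_notes(root)}


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    for folder, files in triage(scan_root).items():
        print(f"[!] ransom note in {folder}: {len(files)} file(s) modified near it")
        for name in files:
            print(f"      {name}")
```

Run it against a user profile or a mounted backup to see which folders need restoring; an empty result means no note with that name was found under the scanned root.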
Say your computer has been infected by the Quimera ransomware, what do you do?
How to Remove the Quimera Ransomware
Although the Quimera ransomware is both evasive and sophisticated, it is no match for powerful anti-malware solutions such as Outbyte Anti-Malware. What you need to do once you suspect that your computer has been infected is to perform a comprehensive scan that will isolate the virus and delete it from your computer.
For this to happen without a hitch, you need to run your Windows device in Safe Mode with Networking.
Safe Mode is a way for the Windows OS to run with the minimum system files necessary. It is a great way to troubleshoot PC issues including malware infections. To get into Safe Mode with Networking on a Windows 10 device, take the following steps:
- Shut down your computer by pressing the power button for about 10 seconds.
- Restart it and shut it down repeatedly until you enter Automatic Repair mode.
- Select Advanced options > Troubleshoot > Startup Settings > Restart.
- Press F5 to boot into Safe Mode with Networking.
To get into Safe Mode with Networking on a Windows 7 device, take the following steps:
- Shut down your computer by pressing the power button.
- As soon as your computer restarts, press the F8 button repeatedly.
- Your computer will display hardware information and run a memory test after which the Advanced Boot Options menu will appear.
- Use the arrow keys to select Safe Mode with Networking.
Once you are in Safe Mode with Networking, use the internet to download any additional resources that you might need to remove the Quimera ransomware.
How to Delete the Quimera Ransomware Manually
Deleting a malware entity manually, let alone ransomware, is a bit tricky, but it can be done. For this to happen, you’ve got to consider several options. The first involves cleaning your disks so that not a shred of any infected folder or file is left. The second option is to either refresh or reset your computer, in which case you will end up with a computer that is as good as new.
To clean the drives on your Windows 10 PC, take the following steps:
- In the Windows search box, type ‘Disk Cleanup’.
- Right-click the Disk Cleanup app and select Run as administrator.
- Under Files to delete, select the file types that you want to remove. Since you want to remove all files, tick all the file types including system files.
- Select OK.
The Disk Cleanup app works the same way in Windows 7, so you can use the procedures described above.
If you would like the process of cleaning your computer to be a bit more straightforward, we recommend that you use a PC repair tool. It will not only clean the files on your computer, but also make it easier to remove problematic apps, monitor processes, and repair broken, corrupt or missing registry entries.
Windows Recovery Option
The other way of removing the Quimera ransomware involves using a Windows recovery option, such as System Restore, Reset this PC, Refresh this PC, Use installation media to reinstall Windows 10, Go back to the previous version of Windows, and Remove an installed Windows update.
Any of these methods partially or wholly involves the removal of any apps and settings that are not default to the Windows OS.
As part of the Quimera ransomware removal instructions, we shall show you how to reset your Windows 10 PC.
- Press the Windows key to get to Settings > Change PC settings. Alternatively, press the Windows + I keys to open the Settings window.
- Under Update & Recovery, tap Recovery.
- Under the option to Remove everything and reinstall Windows, press Get Started. You might need installation media for this step, although it is not necessary most of the time.
- Finish the process by following the instructions on the screen.
Once you reset your PC, you will lose most of the programs that you had previously installed, but that is nothing to worry about as you can easily reinstall them.
How to Avoid Malware Infections
Is there anything that you can do to prevent the likes of Quimera ransomware from infecting your computer? Here are a few tips:
- Install premium anti-malware software.
- Back up your files so that you always have other copies even when the ones on your computer have been encrypted.
- Be wary of email attachments from unknown sources. Scrutinize them first before opening them.
- Have a common cybersecurity strategy with your colleagues because as the saying goes, a chain is no stronger than its weakest link.