
CHIP Ransomware

Posted: November 22, 2016

Threat Metric

Threat Level: 8/10
Infected PCs: 12
First Seen: November 22, 2016
Last Seen: March 24, 2020
OS(es) Affected: Windows

The CHIP Ransomware is a Trojan that uses asymmetric encryption to lock your files so that it can ask for ransom money to restore them. Because this threat's campaign uses non-consensual infection vectors, PC owners should use anti-malware protection able to block attempted downloads and installations by default. The same software may also remove the CHIP Ransomware, although backups remain the most reliable method of recovering any damaged data.

Another CHIP Off the Block of File-Imprisoning Software

Exploit kits (or EKs) are notable for delivering high-level threats to PCs while avoiding many of the symptoms that would make victims of manually-downloaded Trojans suspicious. Therefore, it's not surprising that one of the most popular exploit kits of the year, the RIG Exploit Kit, seemingly specializes in delivering many variants of one of the most popular categories of threats: file-encrypting Trojans that hold your data for ransom. One of the most recent beneficiaries of this delivery method is the CHIP Ransomware, although there are numerous others, including the Alcatraz Ransomware, the YafunnLocker Ransomware, and some versions of the Cerber Ransomware.

The EK installs the CHIP Ransomware after an unprotected browser loads the kit-hosting website, which scans the PC for any of various software vulnerabilities. After the successful drive-by-download, the CHIP Ransomware uses an AES algorithm to encrypt (and consequently block) your files, such as DOC documents or PNG images. Since this encryption by itself would be easy to reverse-engineer and counter, the CHIP Ransomware also protects the resulting AES key with a customized RSA algorithm.

What to Do When the CHIPs are Down

The file-locking half of the CHIP Ransomware's payload is intended to provide an incentive for the extortion half, which the CHIP Ransomware implements via a TXT message redirecting the victims to TOR-protected payment portals. Although there's no current information available on the size of the ransom victims are asked to pay, malware experts see extortion fees ranging from under one hundred to over a thousand USD, often in Bitcoins (a cryptocurrency that protects the threat actor's anonymity). Paying may or may not give you a working decryption program in exchange.

The CHIP Ransomware has shown no vulnerabilities in its encryption method that would let third parties decrypt the files it locks. Since this issue is a recurring problem with file-encrypting Trojans of most families, malware experts recommend averting it by storing backups. Locally-saved backups are at risk of deletion, but ones on third-party servers or other storage devices should be safe for recovering from the CHIP Ransomware's attempted data blockade.

Standard industry anti-malware products can protect your PC by deleting the CHIP Ransomware or blocking the drive-by-downloads that lead to its presence on your computer. The RIG Exploit Kit depends on the presence of software vulnerabilities, some of which may be corrected by security patches, others of which may be 'zero-day' (or not yet patch-fixed). Updating all software, disabling browser features with security risks, and avoiding links to suspicious sites can all close routes of exposure to the CHIP Ransomware's EK.

As much as PC users are reminded to avoid unsafe downloads, attacks like the CHIP Ransomware's installers are reminders that a download isn't always a personal choice.
