Chaos Ransomware Aligns with Russia

Industry: N/A | Level: Strategic | Source: Fortinet

Amongst notable ransomware groups taking sides with Russia in the Ukraine conflict, Chaos appears to have joined the list as identified by Fortinet. The indication is based on the display message Chaos leaves when encryption has completed, speaking negatively of the Ukraine government. The arrival vector was not determined however, is likely to have come from an email or user browsing a forum post. The malware used by Chaos appears to be new, having compiled data of May 16th, 2022. The variant investigated by Fortinet is identified as a potential file destroyer as the attackers did provide options for recovery to the affected files and have deleted shadow copies from impacted workstations.