The Web of Chaos Ransomware

The BlackBerry research team has explored the influence of Chaos ransomware by reviewing conversations between threat actors associated with Onyx and Chaos ransomware. A user under the account name "ampkcz", claiming to be the author of Chaos ransomware, revealed that Onyx was derived from the Chaos v4.0 Ransomware Builder. Tracing the Chaos ransomware lineage, version 4 has been observed in the wild since August 2021. Onyx ransomware was first observed in April 2022, with a leak site launched shortly after. Code comparison between Onyx and Chaos shows a 98% similarity. A new version of Chaos, named Yashma, has also been promoted by Chaos ransomware's author as the 6th and latest version of the malware. Chaos has been observed in the wild since June 2021 and was originally advertised as "Ryuk .NET Builder." Although no relationship with the Wizard Spider threat group or Ryuk was identified, the threat actor was likely only borrowing the Ryuk name. Reviews of Chaos ransomware in its early versions were "resoundingly negative." The malware iterated quickly; the first version had capabilities more in line with a wiper, with only limited encryption functionality. Tracking ransomware could become more difficult as attackers use builders such as Chaos/Yashma and Onyx to produce their own malware variants. Victims of Chaos ransomware tracked so far span the emergency services, medical, finance, construction, and agriculture industries.
