A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.
For a year now, threat actors have been using different versions of the same ransomware builder – “Chaos” – to attack governments, corporations and healthcare facilities. Now researchers from Blackberry have connected the dots, painting a picture of a malware that has evolved five times in twelve months.
“The clues surfaced during a discussion between a recent victim and the threat group behind Onyx ransomware, taking place on the threat actor’s leak site,” the researchers noted in a new report. The Onyx ransomware group were threatening to publish said victim’s data to the internet when, in soap opera fashion, a third party entered the chat stating:
“Hello… this is my very old version of ransomware… I updated many thing and it is faster decryptable… there is no limit in new version…”
Onyx was, evidently, just an outdated Chaos build. The self-proclaimed author of Chaos kindly offered the Onyx group the newest version of Chaos, renamed “Yashma.”
In case you’ve already lost track, let’s break it down:
Chaos Started as a Scam
“The Chaos author’s apparent