Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications

Trend Micro -

Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications

Ransomware

Since June 2021, we’ve been monitoring an in-development ransomware builder called Chaos, which is being offered for testing on an underground forum.

Since June 2021, we’ve been monitoring an in-development ransomware builder called Chaos, which is being offered for testing on an underground forum. While it’s purportedly a .NET version of Ryuk, closer examination of the sample reveals that it doesn’t share much with the notorious ransomware. In fact, early versions of Chaos, which is now in its fourth iteration, were more akin to a destructive than to traditional ransomware.

In this blog entry, we take a look at some of the characteristics of the Chaos ransomware builder and how its iterations added new capabilities.

Chaos has undergone rapid evolution from its very first version to its current iteration, with version 1.0 having been released on June 9, version 2.0 on June 17, version 3.0 on July 5, and version 4.0 on

Read More: https://www.trendmicro.com/en_us/research/21/h/chaos-ransomware-a-dangerous-proof-of-concept.html