Chaos Malware Walks Line Between Ransomware and Wiper
#1
Information 
Quote:An under-construction malware called Chaos has been spotted, which is being advertised on an underground forum as being available for testing. While it calls itself ransomware, an analysis revealed that it’s actually more of a wiper.
 
According to Trend Micro researcher Monte de Jesus, Chaos has been around since June, and has already cycled through four different versions, with the last one being released on August 5. This rapid development could mean that it will soon be ready for primetime, but so far it hasn’t been used in actual attacks, he said.
 
Chaos started out purporting to be a .NET version of the Ryuk ransomware – a ruse it went all in on, complete with Ryuk branding on its GUI. However, de Jesus said that looking under the hood of its first version reveals very little of this supposed heritage. Instead, the sample is “more akin to a destructive trojan than to traditional ransomware,” he noted, in a Tuesday analysis.

He added, “Instead of encrypting files (which could then be decrypted after the target paid the ransom), it replaced the files’ contents with random bytes, after which the files were encoded in Base64. This meant that affected files could no longer be restored, providing victims no incentive to pay the ransom.”

“One of the more interesting functions of Chaos version 1.0 was its worming function, which allowed it to spread to all drives found on an affected system,” de Jesus wrote. “This could permit the malware to jump onto removable drives and escape from air-gapped systems.”

Read more: Chaos Malware Walks Line Between Ransomware and Wiper
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>