New Chaos Ransomware Builder Variant "Yashma" Discovered in the Wild

LASER_oneXM

Cybersecurity researchers have disclosed details of the latest version of the Chaos ransomware line, dubbed Yashma.
"Though Chaos ransomware builder has only been in the wild for a year, Yashma claims to be the sixth version (v6.0) of this malware," the BlackBerry Research and Intelligence Team said in a report shared with The Hacker News.

Chaos is a customizable ransomware builder that emerged on underground forums on June 9, 2021, falsely marketing itself as a .NET version of Ryuk despite sharing no overlap with that notorious counterpart.

The fact that it's offered for sale also means that any malicious actor can purchase the builder and develop their own ransomware strains, turning it into a potent threat.
It has since undergone five successive iterations aimed at improving its functionalities: version 2.0 on June 17, version 3.0 on July 5, version 4.0 on August 5, and version 5.0 in early 2022.

While the first three variants of Chaos functioned more like a destructive trojan than traditional ransomware, Chaos 4.0 expanded its encryption process by increasing the upper limit of files that can be encrypted to 2.1MB. Version 4.0 has also been actively weaponized by a ransomware collective known as Onyx as of April 2022 by making use of an updated ransom note and a refined list of file extensions that can be targeted.

cruelsister

Certainly a really cute piece of malware! Seeks out and messes with backup solutions from Acronis and Veritas and encrypts .wallet extensions (bad news for Coinbase folks). Also tried to destroy CF, which as usual giggled as the malware was being flushed from the system.