New Chaos Ransomware Builder Variant "Yashma" Discovered in the Wild


Cybersecurity researchers have disclosed details of the latest version of the Chaos ransomware line, dubbed Yashma.
"Though Chaos ransomware builder has only been in the wild for a year, Yashma claims to be the sixth version (v6.0) of this malware," BlackBerry research and intelligence team said in a report shared with The Hacker News.

Chaos is a customizable ransomware builder that emerged in underground forums on June 9, 2021, by falsely marketing itself as the .NET version of Ryuk despite sharing no such overlaps with the notorious counterpart.

The fact that it's offered for sale also means that any malicious actor can purchase the builder and develop their own ransomware strains, turning it into a potent threat.
It has since undergone five successive iterations aimed at improving its functionalities: version 2.0 on June 17, version 3.0 on July 5, version 4.0 on August 5, and version 5.0 in early 2022.

While the first three variants of Chaos functioned more like a destructive trojan than traditional ransomware, Chaos 4.0 expanded its encryption process by increasing the upper limit of files that can be encrypted to 2.1MB. Version 4.0 has also been actively weaponized by a ransomware collective known as Onyx as of April 2022 by making use of an updated ransom note and a refined list of file extensions that can be targeted.


Certainly really cute piece of malware! Seeks out and messes with Backup solutions from Acronis and Veritas and encrypts .wallet extensions (bad news for Coinbase folks). Also tried to destroy CF, which as usual giggled as the malware was being flushed from the system.
