Chaos Ransomware is More of a Wiper

Walden Systems Geeks Corner News

Malware called Chaos is being advertised on an underground forum. While its creators call it ransomware, an analysis revealed that it is actually a wiper. According to researcher Monte de Jesus, Chaos has been around since June and has been through four different versions, with the last one released in August. This rapid development could mean that it will soon be ready for release, but so far it hasn't been seen in any attacks.

Chaos started out as a .NET version of the Ryuk ransomware, complete with Ryuk branding on its GUI. However, the code of its first version reveals very little of this supposed heritage. It acts more like a destructive trojan than traditional ransomware. Instead of encrypting files, it replaces each file's contents with random bytes, which are then encoded in Base64. This means that affected files can no longer be restored. Another feature of Chaos version 1.0 is its worming function, which allows it to spread to all drives found on an affected system. This could permit the malware to jump onto removable drives. Once installed, the first version of Chaos searched for various file paths and extensions to infect, and then dropped a ransom note named read_it.txt, asking for around $6,000.
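The overwrite described above leaves a recognizable artifact for incident triage: a file that is nothing but Base64 text and decodes to near-random bytes. The following Python sketch is an added example, not code from the analysis or from Walden Systems; the function names, the 1024-character minimum, the 7.5 bits-per-byte threshold and the sample data are all assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify(content: bytes, min_len: int = 1024, threshold: float = 7.5) -> str:
    """Label file content for triage (thresholds are assumptions, tune locally)."""
    text = b"".join(content.split())  # tolerate line-wrapped Base64
    if len(text) < min_len:
        return "not-base64"  # too short to judge entropy reliably
    try:
        decoded = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"  # original format or some other kind of damage
    if shannon_entropy(decoded) >= threshold:
        return "base64-high-entropy"  # consistent with the overwrite described above
    return "base64-structured"  # Base64 text whose payload still has structure


def classify_file(path: str) -> str:
    """Read one file from a mounted, read-only evidence copy and label it."""
    with open(path, "rb") as fh:
        return classify(fh.read())


def constructed_samples() -> dict:
    """Constructed inputs (not real malware output) for a self-check."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    return {
        "overwritten.docx": base64.b64encode(noise),
        "encoded-text.txt": base64.b64encode(b"Quarterly report draft. " * 200),
        "intact.pdf": b"%PDF-1.7\n" + b"stream data, not Base64 text. " * 100,
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name}: {classify(blob)}")
```

A `base64-high-entropy` label cannot by itself separate random bytes from Base64-wrapped ciphertext, so treat it as a triage signal rather than proof of which version touched the file.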


The second version adds advanced options for administrator privileges, the ability to delete all volume shadow copies and the backup catalog, and the ability to disable Windows recovery mode. Chaos 3.0 adds encryption. The sample had the ability to encrypt files under 1 MB using AES/RSA encryption, and featured a decryptor builder. A fourth iteration of Chaos then appeared on the forum, with an expansion of the AES/RSA encryption feature: files up to 2 MB can be encrypted. Operators can also append their own proprietary extensions to encrypted files, as other ransomware does, according to the analysis. It also offers the ability to change the desktop wallpaper of their victims.

Ransomware has been rising in 2021, with global volume increasing by 150% for the first six months of the year as compared with the previous year. The FBI warned that there are now 100 different strains circulating around the world. The most-deployed ransomware is Ryuk, which could account for why the Chaos authors are riding on its coattails. For now, the Chaos ransomware is still under construction. In its latest form, it lacks the data-exfiltration capabilities that almost all major ransomware families have. Chaos is, for now, a proof-of-concept malware, but it could be dangerous thanks to its ability to wipe out files.