Ransomware dubbed Chaos may soon reign
Posted by: GuidePoint Security
Published 08/18/21 at 9:00 AM
Security researchers are tracking an under-construction malware called Chaos that they anticipate may soon be released into the wild.
Its criminal developers are billing the malware as ransomware; however, researchers state that early versions behaved more like a wiper, with a structure akin to “a destructive trojan.” With conventional ransomware, files are encrypted, and when the victim pays the ransom the criminals supply a key to decrypt them (although it is common for attackers to take the money and run, providing no key or a key that does not work). In the early versions of Chaos, files were not encrypted at all: their contents were replaced with random bytes and then encoded in Base64, leaving them unrecoverable.
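The wiper behaviour described above leaves a distinctive artefact on disk: a file whose entire content is one Base64 blob that decodes to random bytes. The Python triage script below, added here as an example and not taken from this article or from any published analysis of Chaos, flags files matching that pattern so responders can tell "wiped, nothing to decrypt" from ordinary documents. The 7.0-bit entropy threshold, the 64-byte minimum size and the sample files are all constructed assumptions.

```python
import base64
import math
import os
import random
import re
from collections import Counter

# A file whose entire content (ignoring line breaks) is one Base64 token.
_B64_TOKEN = re.compile(rb"\A[A-Za-z0-9+/]+={0,2}\Z")

# Decoded payloads at or above this many bits per byte are treated as random
# (assumed threshold; uniformly random bytes score close to 8.0).
ENTROPY_THRESHOLD = 7.0
MIN_BASE64_LEN = 64  # assumed: tiny files cannot be classified reliably


def shannon_entropy(data: bytes) -> float:
    """Bits of Shannon entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_base64_wiped(content: bytes) -> tuple[bool, float]:
    """Return (flag, entropy). flag is True when `content` is a single Base64
    blob whose decoded bytes look random, i.e. the wiper artefact.
    entropy is the Shannon entropy of the decoded payload (0.0 if not Base64)."""
    token = re.sub(rb"\s+", b"", content)
    if len(token) < MIN_BASE64_LEN or len(token) % 4 or not _B64_TOKEN.match(token):
        return False, 0.0
    try:
        decoded = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, 0.0
    entropy = shannon_entropy(decoded)
    return entropy >= ENTROPY_THRESHOLD, entropy


def triage(samples: dict[str, bytes]) -> dict[str, bool]:
    """Classify each name -> content pair; True means 'wiped, not recoverable'."""
    return {name: looks_base64_wiped(data)[0] for name, data in samples.items()}


def scan_directory(root: str) -> dict[str, bool]:
    """Walk `root` and return the triage verdict for every regular file."""
    samples = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                samples[path] = fh.read()
    return triage(samples)


# Constructed samples (not real victim data).
_ENGLISH = (b"Quarterly report: revenue rose by four percent while costs were flat. "
            b"The team expects the same trend to continue into the next quarter, "
            b"barring any change in supplier pricing or demand.\n")
# Deterministic stand-in for the random bytes a wiper would write.
_RANDOM_4K = random.Random(20210818).randbytes(4096)

SAMPLES = {
    "report.txt": _ENGLISH,                            # plain text, not Base64
    "report.b64": base64.encodebytes(_ENGLISH),        # Base64 of low-entropy text
    "report.txt.wiped": base64.b64encode(_RANDOM_4K),  # Base64 of random bytes
}

if __name__ == "__main__":
    for name, content in SAMPLES.items():
        flag, ent = looks_base64_wiped(content)
        print(f"{name:18} wiped={flag!s:5} decoded_entropy={ent:.2f}")
```

Only the third sample is flagged: the first fails the Base64 alphabet check and the second decodes to ordinary English at roughly four bits per byte. A legitimately Base64-wrapped archive or encrypted attachment would also score above the threshold, so treat a hit as a triage lead to corroborate with modification times and the presence of a ransom note rather than as proof on its own.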
The malware also has the capability to worm its way onto other drives on the affected system.
Once installed, Chaos leaves a ransom note requesting 0.147 Bitcoin. Another version of the Chaos malware adds administrator-level capabilities: it can disable Windows recovery mode, delete all volume shadow copies, and remove the backup catalog.
After it was pointed out that victims would not pay a ransom if they could not regain their files, the latest version of the malware added a file encryption feature. Researchers have also found that the newest version appends the attacker’s own extension to encrypted files and changes the victim’s desktop wallpaper.
While the malware currently remains under construction and lacks certain ‘traditional’ ransomware features, such as data exfiltration (common in double-extortion ransomware attacks), researchers are warning that once it is released the malware could cause significant damage to organizations.
Next Steps
Cybercriminals are always working to create new ransomware variants that make their attacks more effective. To prevent attacks, businesses are strongly encouraged to patch bugs and vulnerabilities immediately. Data security services that include ransomware protection are strongly recommended.