A new ransomware-as-a-service group called Chaos, possibly linked to former BlackSuit members, has emerged using sophisticated attack techniques including social engineering and multi-threaded encryption. Despite law enforcement sanctions on similar groups, Chaos continues to target various systems, mainly in the US, demanding high ransoms and employing anti-analysis strategies.
#ChaosRansomware #BlackSuit #Conti #OperationCheckmate
Key Points
- Chaos RaaS is likely composed of ex-BlackSuit members and has been active since February 2025.
- The group uses phishing, voice phishing, RMM tools, and data exfiltration to carry out attacks.
- Chaos targets Windows, ESXi, Linux, and NAS systems, demanding ransoms of $300,000 for decryptors and security insights.
- The ransomware employs multi-threaded encryption, anti-analysis techniques, and persistence methods to maximize impact.
- Law enforcement has seized cryptocurrency and taken down related dark web sites, but threat activity persists with evolving tactics.
Read More: https://thehackernews.com/2025/07/chaos-raas-emerges-after-blacksuit.html