After BlackSuit is taken down, new ransomware group Chaos emerges
Hot on the heels of a major ransomware group being taken down through an international law enforcement operation comes a new development that highlights the whack-a-mole nature of such actions: A new group, likely composed of some of the same members, has already taken its place.
The new group calls itself Chaos, in recognition of the .chaos name extension its ransomware stamps on files it has encrypted and the “readme.chaos[.]txt” name given to ransom notes sent to victims. Researchers at Cisco’s Talos Security Group said Thursday that since Chaos emerged in February, it has engaged in “big-game hunting”—meaning attacks designed to extract hefty payments—that have mainly targeted organizations in the US and, to a lesser extent, the UK, New Zealand, and India. Talos said it recently observed the group demanding a ransom of about $300,000.
Walking in your footsteps
In exchange for paying the demanded ransom, victims get a pinky swear that they’ll receive a decryptor and a detailed report of the vulnerabilities the group members found in the victim’s network and that the group will delete all the data in its possession. Victims who refuse to pay face the threat of never getting their data unlocked, having data publicly disclosed, and being subjected to distributed denial-of-service attacks.
Pro basketball player and 4 youths arrested in connection to ransomware crimes
Authorities in Europe have detained five people, including a former Russian professional basketball player, in connection with crime syndicates responsible for ransomware attacks.
Until recently, one of the suspects, Daniil Kasatkin, played for MBA Moscow, a basketball team that’s part of the VTB United League, which includes teams from Russia and other Eastern European countries. Kasatkin also briefly played for Penn State University during the 2018–2019 season. He has denied the charges.
Unrelated ransomware attacks
The AFP and Le Monde on Wednesday reported that Kasatkin was arrested and detained on June 21 in France at the request of US authorities. The arrest occurred as the basketball player was at the de Gaulle airport while traveling with his fiancée, whom he had just proposed to. The 26-year-old has been under extradition arrest since June 23, Wednesday's news report said.
French police arrest Russian basketball player accused of ransomware: Report
“The girl should be calling men.” Leak exposes Black Basta’s influence tactics.
A leak of 190,000 chat messages traded among members of the Black Basta ransomware group shows that it’s a highly structured and mostly efficient organization staffed by personnel with expertise in various specialties, including exploit development, infrastructure optimization, social engineering, and more.
The trove of records was first posted to file-sharing site MEGA. The messages, which were sent from September 2023 to September 2024, were later posted to Telegram in February 2025. ExploitWhispers, the online persona who took credit for the leak, also provided commentary and context for understanding the communications. The identity of the person or persons behind ExploitWhispers remains unknown. Last month’s leak coincided with the unexplained outage of the Black Basta site on the dark web, which has remained down ever since.
“We need to exploit as soon as possible”
Researchers from security firm Trustwave’s SpiderLabs pored through the messages, which were written in Russian, and published a brief blog summary and a more detailed review of the messages on Tuesday.