Hot on the heels of a major ransomware group being taken down through an international law enforcement operation comes a new development that highlights the whack-a-mole nature of such actions: A new group, likely comprised of some of the same members, has already taken its place.

The new group calls itself Chaos, in recognition of the .chaos name extension its ransomware stamps on files it has encrypted and the “readme.chaos[.]txt” name given to ransom notes sent to victims. Researchers at Cisco’s Talos Security Group said Thursday that since Chaos emerged in February, it has engaged in “big-game hunting”—meaning attacks designed to extract hefty payments—that have mainly targeted organizations in the US and, to a lesser extent, the UK, New Zealand, and India. Talos said it recently observed the group demanding a ransom of about $300,000.

Walking in your footsteps

In exchange for paying the demanded ransom, victims get a pinky swear that they’ll receive a decryptor and a detailed report of the vulnerabilities the group members found in the victim’s network and that the group will delete all the data in its possession. Victims who refuse to pay face the threat of never getting their data unlocked, having data publicly disclosed, and being subjected to distributed denial-of-service attacks.

Read full article

Comments