Chaos Malware Devolves from Ransomware to Wiper
The Chaos Malware is a new cyber threat whose creators are promoting it on underground hacking forums. Although they describe the project as the 'Chaos Ransomware,' its features are more typical of a wiper. Unfortunately, wiper malware can be very destructive, and its victims will often have limited data recovery options. It is important to add that the authors of the Chaos Malware state that the project is not finished yet; their last update is from the 5th of August. This is the opposite of the path other threats have taken, such as the Apostle Malware, which evolved from wiper to ransomware.
So far, it seems that the Chaos Malware's creators might not be skilled malware developers. Their project seems to change all the time. In the beginning, they described it as an enhanced .NET version of the Ryuk Ransomware. Its initial updates allowed the Chaos Ransomware to encrypt files up to 1MB in size. Later, they raised the limit to 2MB. However, all of this was left behind at the beginning of August.
Recent updates change Chaos Malware's functionality entirely. It seems to no longer use any sort of encryption. Instead, its behavior focuses purely on destruction. It overwrites the contents of the files with random data and then encodes the result using Base64. There is no way to undo this damage. Even if the criminals claim to have a decryptor, we assure you that this is a lie.
Apart from the wiper module, the Chaos Malware packs other features as well. It seems to have the ability to spread in a manner similar to a worm. The malware infects USB drives and other removable storage that the infected device has access to. It will also disable Windows Recovery Mode and wipe out Shadow Volume Copies.
Although there is no decryptor for the Chaos Malware, it still drops a ransom message. The file, titled 'read_it.txt,' asks the victim to pay 0.147 Bitcoin (about $6,600). It assures them that they will receive a decryption tool if they agree. Paying the fee is a terrible idea because there is no way the attackers can help you. If you happen to encounter the Chaos Malware, then you should run an antivirus tool and then try to recover data from a backup.
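The overwrite behavior described above (random data encoded as Base64) and the 'read_it.txt' note give responders two things to look for when scoping what must be restored from backup. The following triage sketch is an added example, not code from the article or from any vendor tool; the sample size and entropy thresholds are assumptions, the sample files are constructed, and a legitimate file that is itself Base64 of compressed or encrypted data will also match.

```python
import base64, binascii, math, os, pathlib, tempfile
from collections import Counter

RANSOM_NOTE = "read_it.txt"  # note file name reported in the article
SAMPLE = 64 * 1024           # assumed head size; a multiple of 4 keeps Base64 aligned
MIN_DECODED = 1024           # assumed: entropy is unreliable on less data
MIN_ENTROPY = 7.5            # assumed cut-off in bits per byte (maximum is 8.0)

def entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def looks_wiped(head: bytes) -> bool:
    """True if head is strictly valid Base64 that decodes to near-random bytes."""
    try:
        decoded = base64.b64decode(head.strip(), validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(decoded) >= MIN_DECODED and entropy(decoded) >= MIN_ENTROPY

def triage(root: str) -> dict:
    """Walk root and list ransom notes and files matching the overwrite pattern."""
    report = {"notes": [], "wiped": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SAMPLE)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            key = "notes" if name.lower() == RANSOM_NOTE else "wiped" if looks_wiped(head) else None
            if key:
                report[key].append(path)
    return report

def demo() -> dict:
    """Run triage over constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"report.docx": base64.b64encode(os.urandom(4096)),  # wipe pattern
                   "minutes.txt": b"quarterly figures, plain text\n" * 200,  # intact
                   "token.txt": base64.b64encode(b"A" * 4096),  # Base64, low entropy
                   RANSOM_NOTE: b"constructed placeholder note\n"}
        for name, body in samples.items():
            pathlib.Path(root, name).write_bytes(body)
        return {k: sorted(map(os.path.basename, v)) for k, v in triage(root).items()}

if __name__ == "__main__":
    print(demo())
```

Run `triage()` against a mounted copy or forensic image of the affected volume rather than the live system, and treat every hit as a candidate for restoration from backup.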