— A THREAD —

[1/n] We’re monitoring developments on a new piece of proof-of-concept #ransomware called #Chaos. It’s purportedly a .NET version of #Ryuk, but our analysis shows that its routines are different from Ryuk’s.
[2/n] Earlier versions of #Chaos were actually destructive #trojans that overwrote rather than encrypted files, which meant that victims had no way of restoring their files to their original state.
[3/n] The third version of #Chaos was traditional #ransomware, having the ability to encrypt files via RSA/AES and also providing a decrypter. With this version, the creator asked for donations to support the ongoing development of Chaos.
[4/n] The fourth version of #Chaos was recently released on an underground forum. It gained support for custom file extensions, the ability to change an infected machine’s desktop wallpaper, and an increase in the size limit of encrypted files to 2 MB.
[5/n] While we have not yet detected an active infection or victim of the #Chaos #ransomware, we believe that the ransomware builder still poses a threat in the hands of malicious actors who have access to malware distribution and deployment.
[6/n] It appears that the #Chaos #ransomware is still undergoing evolution, since it lacks some features that many modern ransomware families have, such as the collection of data from victims that could be used for blackmailing if the ransom is not paid.
[7/n] The development of new #ransomware families and variants will always be a matter of concern. In our research, we provide recommendations that will help organizations prevent and mitigate the effects of modern ransomware attacks: research.trendmicro.com/3xqVtKH
[8/n] This is a developing story. We’ll keep you updated as more information comes in.
