After BlackSuit is taken down, new ransomware group Chaos emerges
Briefly

Chaos is suspected to be a rebranding of BlackSuit ransomware, or to be operated by its former members, because of similarities in encryption methods and ransom notes. It gains initial access primarily through social engineering, often tricking victims into contacting attackers who pose as IT security representatives. These attackers then use tools like Microsoft Quick Assist for remote access. Chaos is also linked to BlackSuit's predecessor, Royal, which originated from the Conti ransomware group. Recent law enforcement actions resulted in the seizure of BlackSuit's dark web site during Operation CheckMate.
Chaos is likely a rebranding of BlackSuit ransomware, or is operated by former members, based on similar encryption mechanisms, ransom note structure, and tools used.
Chaos gains access through social engineering, persuading victims to contact supposed IT representatives who are actually part of the ransomware network.
Chaos employs LOLbins (living-off-the-land binaries), executable files native to Windows environments, so the attackers can compromise targets with software already present on the system.
Chaos' predecessor, BlackSuit, is a rebranding of Royal, which is a splinter group of the Conti ransomware group.
Read at Ars Technica