Unmasking the new Chaos RaaS group attacks

Aug. 29, 2025, 3:19 p.m.

Description

Cisco Talos Incident Response has observed attacks by Chaos, a new ransomware-as-a-service (RaaS) group conducting big-game hunting and double-extortion attacks. The group gains access through spam flooding followed by voice-based social engineering, abuses remote monitoring and management (RMM) tools for persistence and hands-on-keyboard activity, and exfiltrates data with legitimate file-sharing software. The ransomware performs multi-threaded, rapid selective encryption, uses anti-analysis techniques, and targets both local and network resources. Chaos was likely formed by former BlackSuit (Royal) members, based on similarities in encryption methodology, ransom note structure, and toolset. The group has impacted a range of business verticals, predominantly in the U.S., UK, New Zealand, and India. Encrypted files receive the '.chaos' extension, and the group demands ransoms of around $300K, threatening to publish the stolen data and to launch DDoS attacks if the victim does not pay.

Date

  • Created: Aug. 29, 2025, 3:11 p.m.
  • Published: Aug. 29, 2025, 3:11 p.m.
  • Modified: Aug. 29, 2025, 3:19 p.m.

Indicators

  • 7c4b465159e1c7dbbe67f0eeb3f58de1caba293999a49843a0818480f05be14e
  • 1d846592ffcc19ed03a34316520aa31369218a88afa4e17ac547686d0348aa5b
  • 11cfea4100ba3731d859148d2011c7225d337db22797f7e111c0f2876e986490
  • 144.172.103.42
  • 107.170.35.225
  • 45.61.134.36

Attack Patterns

  • Chaos - S0220 (note: MITRE ATT&CK software entry S0220 describes an unrelated Linux backdoor also named Chaos; this mapping is a name collision, not a description of the RaaS group's tooling)

Additional Information

  • New Zealand
  • India
  • United Kingdom of Great Britain and Northern Ireland
  • United States of America