A newly emerged ransomware-as-a-service (RaaS) gang known as Chaos has surfaced in the cybersecurity landscape, reportedly made up of former members of the BlackSuit crew. The emergence of Chaos follows a significant law enforcement seizure of BlackSuit’s dark web infrastructure.
Since its inception in February 2025, Chaos has rapidly adopted tactics associated with large-scale cyber extortion and big-game hunting. According to Cisco Talos researchers, the actors behind Chaos begin with low-effort spam techniques, escalate to voice-based social engineering to gain access to victim systems, and then abuse remote management tools to maintain sustained connections and exfiltrate data.
The ransomware uses multi-threaded, rapid selective encryption and various anti-analysis techniques, and it targets both local and network resources. These capabilities maximize impact while hindering detection and recovery. Chaos is unrelated to, and should not be confused with, existing Chaos ransomware builder variants such as Yashma and Lucky_Gh0$t.
Targeting primarily US-based victims, Chaos has been observed demanding ransoms upwards of $300,000 in exchange for decryptor access and detailed security assessments of compromised systems. The gang’s infiltration methods include phishing and voice phishing tactics to trick users into installing remote desktop software, particularly Microsoft Quick Assist.
In another significant development, U.S. law enforcement agencies including the FBI and Department of Justice reported the seizure of 20.29 BTC, valued at over $2.4 million, connected to a member of Chaos known as Hors. This move underscores ongoing efforts to curtail the growing threat of ransomware.
The ransomware landscape continues to evolve, with new strains such as Backups and Bert emerging around the same period. Experts argue that, despite a reduction in the number of ransomware attacks, threat actors are adapting to law enforcement actions by leveraging advanced social engineering tactics.
In light of these developments, cybersecurity specialists stress the need for heightened vigilance and robust security measures against new ransomware variants like Chaos, which illustrate the ongoing risks faced by organizations globally.