Ransomware threat infographic: Chaos logo morphing into C++ code with red destructive icons (file deletion, clipboard swap for Bitcoin wallet), encryption chains on folders, FortiGuard shield blocking attacks; background shows locked computer with exfiltr

FortiGuard Labs has uncovered a new C++ version of Chaos ransomware, the first not built in .NET, which makes it faster, more destructive, and harder to detect. This ransomware-as-a-service (RaaS) operation, likely run by ex-BlackSuit members, pursues big-game hunting with double-extortion tactics, encrypting files while exfiltrating data for leaks. The upgrade emphasizes efficiency and financial gain, adding wiper capabilities and clipboard hijacking to steal cryptocurrency.


The variant waits 15 seconds after execution to evade sandboxes, then scans user folders (Desktop, Documents, Downloads) before expanding to drives. File handling depends on size: files under 50MB are fully encrypted, files between 50MB and 1.3GB are skipped (to speed up the run and avoid backup alerts), and files larger than 1.3GB are deleted, causing irreversible loss of archives and databases. This aggressive approach risks reducing victims' incentive to pay but maximizes operational speed.
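The size tiers described above leave a recognizable footprint in file telemetry: one process rewriting many small files and deleting very large ones in a short burst while leaving mid-sized files alone. The following is an added detection sketch, not code from FortiGuard Labs or from this post; the event tuple format, the 60-second window, the count thresholds, and the reading of MB/GB as binary units are all assumptions.

```python
from collections import defaultdict

# Size tiers from the article; treating MB/GB as binary units is an assumption.
SMALL_MAX = 50 * 1024**2            # files under 50MB: encrypted (seen as writes)
LARGE_MIN = int(1.3 * 1024**3)      # files over 1.3GB: deleted

# Constructed sample telemetry: (seconds, pid, operation, path, size_in_bytes).
SAMPLE_EVENTS = [
    (100, 4242, "write",  r"C:\Users\a\Desktop\notes.docx",      80_000),
    (101, 4242, "write",  r"C:\Users\a\Documents\budget.xlsx",   2_500_000),
    (101, 4242, "write",  r"C:\Users\a\Documents\plan.pdf",      900_000),
    (102, 4242, "delete", r"C:\Users\a\Documents\mail.pst",      3 * 1024**3),
    (103, 4242, "delete", r"C:\Users\a\Downloads\db_backup.bak", 2 * 1024**3),
    (100, 777,  "write",  r"C:\Users\a\Documents\draft.docx",    60_000),
    (400, 777,  "write",  r"C:\Users\a\Videos\render.mp4",       700 * 1024**2),
    (900, 777,  "delete", r"C:\Users\a\Downloads\old.iso",       4 * 1024**3),
]

def tiered_activity(events, window=60, min_small_writes=3, min_large_deletes=1):
    """Return pids whose activity matches the size-tiered pattern within `window` seconds."""
    by_pid = defaultdict(list)
    for ts, pid, op, _path, size in events:
        by_pid[pid].append((ts, op, size))
    flagged = {}
    for pid, evs in by_pid.items():
        evs.sort()
        for start, _, _ in evs:
            # Slide a window that begins at each event of this process.
            burst = [e for e in evs if start <= e[0] < start + window]
            small = sum(1 for _, op, s in burst if op == "write" and s < SMALL_MAX)
            large = sum(1 for _, op, s in burst if op == "delete" and s > LARGE_MIN)
            mid = sum(1 for _, op, s in burst
                      if op == "write" and SMALL_MAX <= s <= LARGE_MIN)
            # Small files rewritten, huge files deleted, mid-sized files untouched.
            if small >= min_small_writes and large >= min_large_deletes and mid == 0:
                flagged[pid] = {"small_writes": small, "large_deletes": large}
                break
    return flagged

if __name__ == "__main__":
    print(tiered_activity(SAMPLE_EVENTS))
```

In the constructed data, pid 777 performs the same kinds of operations spread over minutes and touches a mid-sized file, so only the burst from pid 4242 is flagged.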


A standout feature is clipboard hijacking, which swaps copied Bitcoin addresses for the attackers' wallets to steal funds covertly. Overall, Chaos-C++ amplifies its impact by combining several threats, underscoring the need for robust backups, endpoint detection, and rapid patching to counter this evolving RaaS menace.
 
