Chaos is a new ransomware risk being developed in 2021. What can you do to protect your data from encryption and ransom?
The term malware (a portmanteau of the words “malicious” and “software”) is used to describe any harmful software intentionally designed to damage or destroy an electronic device.
Your computer has almost certainly had to fight off malware at some point—perhaps a virus, a trojan horse, or a worm—but have you ever encountered ransomware?
If you have, you know how dangerous it can be. If you haven’t, well, you just might, because ransomware attacks are on the rise.
What Is Ransomware?
As the name suggests,and demands a ransom payment to unlock it.
There are countless strains of ransomware, but this type of malicious software mainly falls into two categories: encryption-based ransomware and scareware.
Regular, encryption-based ransomware works by locking the victim out of their files.
Scareware is more sophisticated and uses social engineering techniques, such as impersonating a legitimate entity (e.g. a government, an antivirus company) to trick the victim into paying a fine or purchasing unwanted software.
What Is Chaos Ransomware?
Since June 2021, researchers have been monitoring Chaos, an in-development ransomware builder that is being offered on underground hacker forums, where it is advertised as a new version of Ryuk, which the FBI once described as the most profitable ransomware in history.
Chaos does not seem to be as dangerous and effective as Ryuk, but that doesn’t mean it won’t be at some point. In fact, according to Trend Micro’s Monte de Jesus and Don Ovid Ladores, it has undergone rapid evolution in recent months.
The 1.0 version, which was released on June 9, 2021, seemed more like a Trojan than ransomware, since it destroyed files instead of actually encrypting them.
The slightly more sophisticated version 2.0, which was released on June 17, had the ability to disableand advanced options for administrator privileges. Still, it overwrote the files instead of encrypting them, giving victims no incentive to pay the ransom.
Released on July 5, version 3.0 came with its own decrypter builder and had the ability to encrypt files under 1MB in size.
Version 4.0, which was released on August 5, increased the upper limit of files that can be encrypted to 2MB and gave the ransomware builder’s users more options, such as the ability to change their victims’ desktop wallpapers.
Every iteration would drop the following ransom note, with a Bitcoin wallet address at the bottom.
Though “far from a finished product,” Chaos could cause great damage “in the hands of a malicious actor who has access to malware distribution and deployment infrastructure,” according to Trend Micro.
So, how would one go about removing Chaos or similar ransomware?
How to Remove Chaos Ransomware
Never trust cybercriminals: They have no incentive to unlock your files even if you pay the ransom.
If you want to remove ransomware yourself, here’s how to do it.
Identify the Ransomware
Using a different device, access the internet and look for clues online. For example, you can type out the ransom message, search for crypto wallet addresses or emails the ransomware provided.
If nothing comes up, head over to ID Ransomware. Here you can enter any email addresses the ransomware gives you for contact. ID Ransomware will then identify the malware and provide additional details about it.
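To support the identification step above, here is an added example (not part of the original article) that pulls the contact e-mails and legacy Bitcoin wallet addresses out of a ransom note so they can be searched for. It also verifies each wallet's Base58Check checksum, which catches typos made when retyping an address from a locked screen. The sample note, the e-mail address and the function names are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Legacy (Base58Check) Bitcoin addresses start with 1 or 3. Bech32 "bc1..."
# addresses use a different checksum and are not handled by this example.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")


def base58check_ok(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose last 4 bytes are the checksum."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False  # character outside the Base58 alphabet
        n = n * 58 + idx
    try:
        raw = n.to_bytes(25, "big")  # version byte + 20-byte hash + checksum
    except OverflowError:
        return False
    # Each leading '1' encodes one leading zero byte; the counts must agree.
    if len(addr) - len(addr.lstrip("1")) != len(raw) - len(raw.lstrip(b"\0")):
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]


def extract_indicators(note: str) -> dict:
    """Collect contact e-mails and wallet candidates, flagging bad checksums."""
    wallets = {w: base58check_ok(w) for w in BTC_RE.findall(note)}
    return {"emails": sorted(set(EMAIL_RE.findall(note))), "wallets": wallets}


# Constructed sample text, not a real ransom note. The first wallet is the
# publicly known Bitcoin genesis-block address, used as a valid placeholder;
# the second is the same address with its last character mistyped.
SAMPLE_NOTE = """Your files are locked.
Contact: unlock-files@example.com
Payment wallet: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
Retyped by hand: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb
"""

if __name__ == "__main__":
    found = extract_indicators(SAMPLE_NOTE)
    print("emails:", found["emails"])
    for wallet, valid in found["wallets"].items():
        print(wallet, "checksum ok" if valid else "checksum FAILED, recheck typing")
```

A wallet that fails the checksum was almost certainly transcribed wrongly, so recheck it against the note before searching for it.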
Once you’ve identified the ransomware, you can try and decrypt your files. Visit the‘s website and click Decryption Tools in the upper right corner.
Enter the name of the identified ransomware in the search bar.
If there are available decryptors, this tool will provide you with a detailed guide on how to remove the ransomware that infiltrated your computer and unlock or recover the encrypted files.
Chaos has not been released into the wild yet, so, naturally, there are no decryptors. To illustrate how this site works, we’ll type “Jigsaw” in the search bar.
Jigsaw is encrypting ransomware created in 2016, so it’s safe to assume it has infected thousands of computers.
As you can see below, the site offers several different decryptors and how-to guides.
If there are no available decryptors for the ransomware that infected your computer, your best bet is to contact an IT professional.
Backing Up Your Data Is Essential
In 2019, cybersecurity researchers predicted that the cost of global ransomware damages for 2021 would be around $20 Billion. We’ll see if their predictions come true, but there have already been somethis year.
For example, in May, the meat-processing company JBS Foods paid an $11 million ransom after being attacked. That same month, the American oil pipeline system Colonial Pipeline paid $5 million in ransom after reportedly being attacked by the hacking group DarkSide.
No matter how careful you are, ransomware infections can happen, which is why it’s best to take preventive measures ahead of time. If you want to protect important data, back it up.
External storage devices are always an option. If that’s not for you, you can always use a cloud service to store and back up your data.