"Chaos Malware Walks Line Between Ransomware and Wiper"

Researchers at Trend Micro have discovered an under-construction malware called Chaos, which is being advertised on an underground forum as being available for testing. While it calls itself ransomware, an analysis revealed that it’s actually more of a wiper.  The researchers stated that Chaos has been around since June and has already cycled through four different versions, with the last one being released on August 5. This rapid development could mean that it will soon be ready for primetime, but so far, it hasn’t been used in actual attacks, the researchers stated.  Chaos started out purporting to be a .NET version of the Ryuk ransomware and came complete with Ryuk branding on its GUI. However, the researchers noted that looking under the hood of its first version reveals very little of this supposed heritage. Instead, the sample is “more akin to a destructive trojan than to traditional ransomware," the researchers noted.  The researchers also stated that instead of encrypting files (which could then be decrypted after the target paid the ransom), it replaced the files’ contents with random bytes, and then the files were encoded in Base64. This meant that affected files could no longer be restored, providing victims no incentive to pay the ransom.

Threatpost reports: "Chaos Malware Walks Line Between Ransomware and Wiper"