"Chaos Ransomware Builder Linked to Onyx and Yashma Variants"

Researchers recently reported new findings on the Chaos ransomware builder. The study revealed a family tree that links it to both the Onyx and Yashma ransomware variants. The BlackBerry research and intelligence team said the signs linking the Chaos malware to Onyx and Yashma surfaced during a discussion between a recent victim and the threat group behind Onyx ransomware, which took place on the threat actor's leak site. According to the researchers, someone claiming to be the creator of the Chaos ransomware builder kit joined the conversation and revealed that Onyx was built on the author's own Chaos v4.0 Ransomware Builder. The author then promoted the most current version of the Chaos ransomware line, which is now renamed Yashma. According to BlackBerry researchers, what makes Chaos-Yashma dangerous is its flexibility and widespread availability. Since the software is initially marketed and distributed as a malware builder, any threat actor who acquires it can mimic the threat organization behind Onyx, building their own ransomware strains and targeting specific victims. This article continues to discuss the links between the Onyx and Yashma ransomware and the Chaos ransomware builder, as well as the growth of ransomware tooling.

SC Media reports "Chaos Ransomware Builder Linked to Onyx and Yashma Variants"
