
Chaos Ransomware Evolves with Destructive C++ Variant

1 unique source, 1 article

Summary


Chaos ransomware has been upgraded with a new C++ variant that introduces aggressive tactics, including destructive file deletion and clipboard hijacking for cryptocurrency theft. This variant, identified by FortiGuard Labs, enhances the ransomware's operational efficiency and financial impact. The new features include a combination of encryption methods, sophisticated clipboard hijacking, and targeted file deletion based on size. The ransomware waits 15 seconds after execution to avoid sandbox detection and starts by enumerating user directories. The new variant of Chaos ransomware is designed to maximize financial gain through both destructive encryption and covert financial theft. It targets specific file sizes for encryption, skipping some to reduce detection and deleting very large files to cause irreversible data loss. The clipboard hijacking feature redirects Bitcoin payments to the attacker's wallet.

Timeline

  1. 09.10.2025 12:44 · 1 article

    New C++ Variant of Chaos Ransomware Introduces Aggressive Tactics

    Chaos ransomware has been upgraded with a new C++ variant that introduces aggressive tactics, including destructive file deletion and clipboard hijacking for cryptocurrency theft. This variant, identified by FortiGuard Labs, enhances the ransomware's operational efficiency and financial impact. The new features include a combination of encryption methods, sophisticated clipboard hijacking, and targeted file deletion based on size. The ransomware waits 15 seconds after execution to avoid sandbox detection and starts by enumerating user directories.


Information Snippets

  • Chaos ransomware has been upgraded with a new C++ variant, marking its first version not written in .NET.

    First reported: 09.10.2025 12:44
    1 source, 1 article
  • The new variant introduces a combination of encryption methods, including deleting large files rather than encrypting them.

    First reported: 09.10.2025 12:44
    1 source, 1 article
  • The ransomware waits 15 seconds after execution to avoid sandbox detection and starts by enumerating user directories.

    First reported: 09.10.2025 12:44
    1 source, 1 article
  • Files smaller than 50 MB are fully encrypted, files between 50 MB and 1.3 GB are skipped, and files larger than 1.3 GB are deleted.

    First reported: 09.10.2025 12:44
    1 source, 1 article
  • The new variant includes a clipboard hijacking mechanism that redirects Bitcoin payments to the attacker's wallet.

    First reported: 09.10.2025 12:44
    1 source, 1 article
  • Chaos ransomware is a ransomware-as-a-service operation that specializes in big-game hunting and double-extortion attacks.

    First reported: 09.10.2025 12:44
    1 source, 1 article
  • FortiGuard Labs has provided detailed technical analysis and indicators of compromise (IoCs) for the new variant.

    First reported: 09.10.2025 12:44
    1 source, 1 article