Technology

After BlackSuit is taken down, new ransomware group Chaos emerges

Source

Ars Technica

Published

Jul 26, 2025

TL;DR

AI Generated

After the takedown of the BlackSuit ransomware group, a new group named Chaos has emerged, likely with some of the same members. Chaos encrypts files with a .chaos extension and sends ransom notes named "readme.chaos[.]txt" to victims. The group, active since February, targets organizations in the US, UK, New Zealand, and India, demanding around $300,000 in ransom. Victims who pay receive a decryptor and a vulnerability report, while those who refuse risk permanent data loss, public disclosure, and DDoS attacks.

Read Full Article

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Security firm Checkmarx has been targeted in a series of supply-chain attacks over the past six weeks, with malware being pushed to customers through compromised accounts. The attacks began with the breach of the Trivy vulnerability scanner, leading to malware being distributed to Checkmarx users. Checkmarx's GitHub account was also compromised, leading to the dissemination of malware to its users. The company faced additional malware pushes, indicating ongoing security challenges. A ransomware group known as Lapsu$ recently dumped Checkmarx's private data on the dark web, suggesting persistent access by attackers.

Ars Technica•

2 days ago

Ransomware accidentally destroys all files larger than 128KB, preventing decryption — VECT code likely partly vibe coded with AI or used an old code base, security researchers suggest

The VECT ransomware, discovered in December 2025, contains a critical bug that turns it into a wiper, destroying files larger than 128KB and preventing decryption. Check Point Research found that the ransomware's flawed programming causes irreversible damage to encrypted files, rendering payment to unlock data ineffective. The ransomware's code also exhibits various other issues, leading researchers to speculate that it may have been partly generated with AI or based on outdated code. Despite these flaws, the group behind VECT appears sophisticated, with multi-platform capabilities and partnerships with other threat actors. The researchers warn that the group could potentially fix these issues and release a more effective version in the future, leveraging its existing distribution system to infect more systems.

Tom's Hardware•

2 days ago

In a first, a ransomware family is confirmed to be quantum-safe

A new ransomware family named Kyber claims to be quantum-safe by using ML-KEM encryption, a post-quantum cryptography standard. This encryption method is designed to be resistant to attacks by quantum computers, unlike traditional methods like Elliptic Curve and RSA. Security firm Rapid7 confirmed that Kyber uses the highest strength version of ML-KEM to encrypt victims' data with AES-256, making it the first known case of ransomware utilizing post-quantum cryptography. This development highlights the evolving tactics of cybercriminals to enhance the security of their malicious activities.

Ars Technica•

1 week ago

Ransomware negotiator pleads guilty after leaking victims' insurance details to 'BlackCat' hackers — perp gave attackers a precise picture of exactly how much each target could afford to pay

Former ransomware negotiator Angelo Martino has pleaded guilty to collaborating with the ALPHV/BlackCat ransomware gang to extort five U.S. companies, providing confidential details about the victims' insurance policies and negotiation perceptions. Martino's actions led to over $75 million in ransom payments, with individual payments exceeding $25 million. He also participated in deploying BlackCat ransomware against additional U.S. victims, demanding over $16 million in ransom. Law enforcement has seized more than $10 million from Martino, including cryptocurrency and various assets purchased with illicit proceeds. Martino, along with his co-conspirators, faces a maximum of 20 years in prison, with sentencing scheduled for July 9th.