Yashma Ransomware Variant Identified in Wild

  • By Patrick Ryan
  • May 26, 2022

A new ransomware variant dubbed Yashma has been pinpointed in the wild. The Chaos builder represents the latest version of the ransomware line. Though this unique builder for ransomware has only been in what the industry’s insiders refer to as the “wild” for a single year, it is already on its sixth iteration. 

The BlackBerry intelligence and research team recently shared details of the new ransomware variant with members of the media. Let’s look at the Yashma ransomware variant, and the importance of updating digital security defenses as new versions of ransomware continue to emerge.

What is Chaos Ransomware all About?

Chaos is a customizable form of ransomware. This builder debuted in forums on the dark web in early June of 2021, initially advertising itself as Ryuk, but it is actually a .NET spinoff variation. The truth is there is no commonality between Chaos and Ryuk. In the context of digital security, what matters most is that the builder is available for purchase, meaning anyone with cruel intentions can buy it and use it to create their own ransomware concoctions, meaning it has the potential to become a significant threat.  

What is the Purpose of Each Variation?

Five variations of the ransomware have been made, each with the goal of enhancing its overarching functionality. The updates came in June, July, August, and now in the second financial quarter of 2022. The initial three variants of the ransomware operated similar to a destructive trojan as opposed to conventional ransomware.  

The variant referred to as DChaos 4.0 extended the process used for data encryption by heightening the file maximum all the way up to a possible 2.1MB available for encryption. The version 4.0 update was weaponized by a group of hackers referred to as “Onyx” in April of this year. The attack occurred using an updated ransomware note and a narrower file extensions list for targeting.

Chaos 5.0 made an effort to resolve the most significant oversights of the prior incarnations. More specifically, Chaos 5.0 set the stage for encrypting files larger than 2 MB in size without causing irretrievable corruption.  

How is Yashma More Advanced Than Previous Incarnations?

Yashma, the latest variant of ransomware to be featured on the list, brings two significant enhancements to the table. Yashma provides the ability to halt execution in accordance with the location of a victim or even terminate processes tied to backup software and antivirus.

Will Chaos Continue to Morph Into new Variations?

Indeed, it is highly likely that Chaos will continue to take shape, morphing into new variations as time progresses. It is worth noting that Chaos originated as a plain attempt at using a .NET compiled in the form of ransomware to work as a wiper or destructor of files.  

Chaos has since become a comprehensive form of ransomware with highly distinct functions and features. Look for this ransomware to evolve even more as the war between Russia and Ukraine continues to escalate, and the digital security community becomes even more on edge.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Misconfigured Database Spurs Theft of 63 Million OneMoreLead Records

Misconfigured Database Spurs Theft of 63 Million OneMoreLead Records

OneMoreLead, a business-to-business (B2B) marketing enterprise, suffered a significant data breach late last year. The marketing company left a database misconfigured, prompting the unintentional leaking of 63 million records. 

How to Prevent Data Loss from a Phone Scam

How to Prevent Data Loss from a Phone Scam

When you think of scams, you probably think of them as someone trying to trick you out of money. While data loss is typically not the primary goal of a scam, it can be the outcome.

UNM Health Data Breach

UNM Health Data Breach

The personal information of nearly 700,000 individuals was stolen in a data breach at the University of New Mexico Health. The data breach was revealed in the second half of 2021.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.