A new ransomware group called Chaos has launched attacks across multiple sectors, primarily targeting US organizations with some victims in the UK, New Zealand, and India. The gang, which emerged in February 2025, uses sophisticated social engineering tactics—flooding targets with spam emails then impersonating IT security staff over phone calls to trick victims into granting remote access via Microsoft Quick Assist.
Cisco Talos researchers believe Chaos is likely formed by former BlackSuit/Royal gang members based on similar encryption methods and ransom note structures. The group demands large ransoms (one case involved $300,000) and threatens DDoS attacks plus data disclosure if victims don't pay.
Source: Infosecurity