
Unknown Threat Actor Uses Chaos Ransomware Variant Yashma To Target English-Speaking Countries In Addition To Bulgaria, China and Vietnam
Tags: Yashma, Chaos, win.chaos, Ransomware
Yashma, first described by the BlackBerry research and intelligence team in May 2022, is a rebranded version of another ransomware strain called Chaos. A month prior to its emergence, the Chaos ransomware builder was leaked in the wild.
Indicators of Compromise
Type: domain. Source: SOCRadar. First seen: 2023-08-17 (the source and date apply to every entry below).
www.transportesevaristomadero.com
pkho.timeline.transversallearning.com
rub.defauld.top
amrc.tuktuk.ug
moknex158.xyz
o0o.enigne.top
ffsimv.gr
www.redconsultora.com
rcam.tuktuk.ug
yabynennet.xyz
purchase.lottoprize.us
mail.redseatransportuae.com
logxtai.shop
mail.kbakr.com
moneymaker.dynuddns.net
billdeckhart.com
urelishavea.online
www.monroefmc.com
mail.lssoman.com
www.heckelmann.info
xcelcareers.com
mail.flumetec.com
onedirve.info
marketisportsstumi.win
artmediastudio.ro
www.cinthyarochafotografia.com.br
n57b30a.info
polteklpp.ac.id
mail.jackandjillcoachinginn.uk
mail.ungaplc.com
mail.awelleh3.top
ftp.itvlahita.com
nstar-gw.office-northstar.jp
ndrjb.timeline.transversallearning.com
ftp.papeleriaveneplast.com
smz-llc.net
laguna.alicia-gutierrez.com
qdx.timeline.transversallearning.com
sandiisells.com
smtp.unrc.ir
www.medichiccenter.com
red.loonyt.top
revolutionmakerspace.com
bejenaru-studio.ro
earthqik.co.za
irenosolutions.com
ftp.svetigeorgije.co.rs
fetchdesignprint.co.za
www.thesciencebasement.org
iii.tavrmon.top
game-cheat.net
mail.vitalsoap.com.pk
www.monarkpapes.com
mdelaluz.net
winetourism.co.za
brightsidemedium.com
vikaneleneer.shop
earthqik.website
vapdelivery.com.br
mail.echigoseika.co.jp
mail.adityagroup.co
dodiam.live
sszteell.com
gecitartandmore.com
lightyearsaheads.com
bts.korpop.top
bripst.com
confidententeprises.com
hncelectric.cf
smtp.godforeu.com
downloads.digitalpulsedata.com
dienmay01.maudemo.com
fuji-iasi.ro
silversoft.in
manupd.ru
mail.kennettextile.co.th
mail.expertsconsultgh.co
pilkishop.ru
mail.icmpp.ro
hiqsolution.com
rcn.tuktuk.ug
www.vapdelivery.com.br
gateway3.sipcanada.com
sterlingfundinginc.com
kivspace.xyz
ars1.wemix.cc
6vftqk5hzuoaxd4m6gspin3ro6f2oujh.h6762ca.1.0.6tpdtd56tfu7tsm2xx43yj6pb4.94yb3vv.dns0.org
bb.hash3688.com
click.open
linuxddos.net
github.co
2fgithub.com
ai.nqb001.com
tomca1.com
a.nqb001.com
botnet.ddoswow.site
tf.xiaozhuddos.co
bitantcoins.pro
click.contact
repository.click
are.nishabig.pro
js.wanpay1.cn
click.talk
continue.email
click.discover
click.compare
x.xlg360.xyz
abc.cfed.cc
skyeda.vip
submit.org
click.zero
quanquandd.top
Note: several entries (click.open, click.contact, click.talk, click.discover, click.compare, click.zero, continue.email, submit.org, repository.click, github.co, 2fgithub.com) have the shape of text or URL fragments that an extractor has read as hostnames rather than of attacker infrastructure. Validate them before adding them to a blocklist, and do not block names adjacent to github.com on the strength of this list alone.
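The export above fuses three columns (indicator, source, date) into each line with no separator. The following is an added example, not code from the original page or from SOCRadar: it parses that fused format into structured indicators and sweeps a DNS query log for exact or subdomain matches. The DNS log format, the sample lines, and the "review before blocking" set (the editor's judgement about entries that look like parsing fragments) are all assumptions made for the demonstration.

```python
"""Parse the flattened IOC export and match it against DNS query logs.

Added example (not part of the original page or the SOCRadar feed). The export
format, the DNS log format and the sample lines are assumptions made for the
demonstration; REVIEW_BEFORE_BLOCKING is the editor's judgement, not feed metadata.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Each export line fuses three columns with no separator: indicator, source, date.
IOC_LINE = re.compile(r"^(?P<indicator>\S+?)(?P<source>SOCRadar)(?P<date>\d{4}-\d{2}-\d{2})$")

# Constructed excerpt of the export in the page's own fused format.
RAW_EXPORT = """\
www.transportesevaristomadero.comSOCRadar2023-08-17
rub.defauld.topSOCRadar2023-08-17
botnet.ddoswow.siteSOCRadar2023-08-17
github.coSOCRadar2023-08-17
click.openSOCRadar2023-08-17
"""

# Entries that look like feed-parsing fragments rather than attacker infrastructure
# (assumption: validate these before they go into a production blocklist).
REVIEW_BEFORE_BLOCKING = {"github.co", "2fgithub.com", "click.open", "submit.org", "continue.email"}

# Constructed DNS query log: "<timestamp> <client-ip> <qtype> <qname>".
SAMPLE_DNS_LOG = """\
2023-08-18T09:58:01Z 10.20.1.15 A www.example.org
2023-08-18T09:58:07Z 10.20.1.15 A rub.defauld.top.
2023-08-18T09:59:40Z 10.20.1.22 A cdn.botnet.ddoswow.site
2023-08-18T10:00:03Z 10.20.1.22 AAAA github.com
2023-08-18T10:00:09Z 10.20.1.31 A github.co
2023-08-18T10:01:15Z 10.20.1.31 A notrub.defauld.top
"""


@dataclass(frozen=True)
class Ioc:
    indicator: str
    source: str
    date: str


@dataclass(frozen=True)
class Hit:
    timestamp: str
    client: str
    qname: str
    ioc: str
    confidence: str  # "high" for a clean indicator, "review" for one in REVIEW_BEFORE_BLOCKING


def parse_export(text: str) -> list[Ioc]:
    """Split each fused line into its three columns; reject anything that does not fit."""
    iocs: list[Ioc] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IOC_LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised IOC line: {line!r}")
        iocs.append(Ioc(m["indicator"].lower(), m["source"], m["date"]))
    return iocs


def normalise_qname(qname: str) -> str:
    """DNS logs often carry a trailing dot and mixed case; canonicalise before comparing."""
    return qname.rstrip(".").lower()


def matching_ioc(qname: str, indicators: set[str]) -> str | None:
    """Exact match or a subdomain of an indicator, on label boundaries (never a raw substring)."""
    labels = normalise_qname(qname).split(".")
    # Walk from the full name up through its parents: cdn.x.y -> x.y -> y
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def match_dns_log(log_text: str, iocs: list[Ioc], review: set[str] = REVIEW_BEFORE_BLOCKING) -> list[Hit]:
    """Return one Hit per log line whose query name is, or sits under, a listed indicator."""
    indicators = {i.indicator for i in iocs}
    hits: list[Hit] = []
    for raw in log_text.splitlines():
        parts = raw.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the sweep
        ts, client, _qtype, qname = parts
        ioc = matching_ioc(qname, indicators)
        if ioc is None:
            continue
        hits.append(Hit(ts, client, normalise_qname(qname), ioc, "review" if ioc in review else "high"))
    return hits


if __name__ == "__main__":
    for h in match_dns_log(SAMPLE_DNS_LOG, parse_export(RAW_EXPORT)):
        print(f"{h.timestamp} {h.client} {h.qname} -> {h.ioc} [{h.confidence}]")
```

Matching walks up the label hierarchy rather than testing `endswith`, so `notrub.defauld.top` does not match `rub.defauld.top`, while `cdn.botnet.ddoswow.site` does match `botnet.ddoswow.site`. Hits against indicators in the review set are reported separately so an analyst can confirm them before they turn into blocks.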
Campaign Guidance
Remediation, mitigation, notes, history and related intelligence
Remediations
Quarantine the malware first: isolate the affected host and remove the Yashma binary from the operating system so it cannot continue encrypting files.
We strongly suggest that every account with remote login permissions has its password changed, and that you look for other local accounts that the ransomware operators may have added.
Removing the ransomware does not restore files that were already encrypted. The only way to get them back is to recover them from a backup, if one exists. The Chaos builder that Yashma is derived from offers options to delete volume shadow copies and the Windows backup catalog and to disable recovery mode, so do not count on on-host recovery points.
We also recommend keeping backups in several different locations (e.g. remote servers, unplugged storage devices) so that at least one set survives an incident.
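The steps above ask responders to find accounts the operators may have added and to rotate credentials for anything with remote login. The following is an added example, not code from the original page or from SOCRadar: it triages Windows Security events for account creations (4720) and additions to local groups that grant remote access (4732) inside an incident window, and links accounts created by other newly created accounts. It assumes the Security log has been exported to JSON lines with the standard EventData field names; the group list, the window, and every sample event are constructed for the demonstration.

```python
"""Triage exported Windows Security events for accounts an intruder may have added.

Added example, not from the original page. Assumes the Security log was exported to
JSON lines (one event per line) using the standard EventData field names; the sample
events, the window and the group list are constructed for the demonstration.
"""
from __future__ import annotations
import json
from datetime import datetime

ACCOUNT_CREATED = 4720        # "A user account was created"
GROUP_MEMBER_ADDED = 4732     # "A member was added to a security-enabled local group"

# Local groups whose membership implies some form of remote login (assumed list).
REMOTE_LOGIN_GROUPS = {"Administrators", "Remote Desktop Users", "Remote Management Users"}

# Constructed export. In 4732 events the group name is in TargetUserName and the new
# member is in MemberName, which Windows frequently logs as "-" with only MemberSid set.
SAMPLE_EVENTS = r"""
{"EventID": 4720, "TimeCreated": "2023-08-15T08:12:03Z", "SubjectUserName": "helpdesk", "TargetUserName": "svc_backup"}
{"EventID": 4732, "TimeCreated": "2023-08-15T08:12:30Z", "SubjectUserName": "helpdesk", "TargetUserName": "Backup Operators", "MemberName": "WS01\\svc_backup", "MemberSid": "S-1-5-21-1004336348-1177238915-682003330-1009"}
{"EventID": 4720, "TimeCreated": "2023-08-17T02:41:10Z", "SubjectUserName": "jdoe", "TargetUserName": "support01"}
{"EventID": 4732, "TimeCreated": "2023-08-17T02:41:35Z", "SubjectUserName": "jdoe", "TargetUserName": "Remote Desktop Users", "MemberName": "WS01\\support01", "MemberSid": "S-1-5-21-1004336348-1177238915-682003330-1010"}
{"EventID": 4732, "TimeCreated": "2023-08-17T02:41:50Z", "SubjectUserName": "jdoe", "TargetUserName": "Administrators", "MemberName": "-", "MemberSid": "S-1-5-21-1004336348-1177238915-682003330-1011"}
{"EventID": 4720, "TimeCreated": "2023-08-17T03:05:00Z", "SubjectUserName": "support01", "TargetUserName": "adm_tmp"}
"""


def load_events(jsonl: str) -> list[dict]:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def _parse_ts(value: str) -> datetime:
    """Exported timestamps are UTC with a trailing Z, which fromisoformat does not accept."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def member_label(event: dict) -> str:
    """Fall back to the SID when MemberName is '-', so the grant is not silently dropped."""
    name = event.get("MemberName", "-")
    return name if name != "-" else event.get("MemberSid", "<unknown>")


def triage(jsonl: str, since_iso: str) -> dict:
    """Summarise account creations and remote-login grants at or after since_iso."""
    since = _parse_ts(since_iso)
    events = sorted(load_events(jsonl), key=lambda e: _parse_ts(e["TimeCreated"]))
    created: dict[str, str] = {}        # new account -> account that created it
    grants: dict[str, list[str]] = {}   # member -> remote-login groups it was added to
    for ev in events:
        if _parse_ts(ev["TimeCreated"]) < since:
            continue
        if ev["EventID"] == ACCOUNT_CREATED:
            created[ev["TargetUserName"]] = ev["SubjectUserName"]
        elif ev["EventID"] == GROUP_MEMBER_ADDED and ev["TargetUserName"] in REMOTE_LOGIN_GROUPS:
            grants.setdefault(member_label(ev), []).append(ev["TargetUserName"])
    # Accounts created by an account that was itself created in the window: a foothold
    # being used to mint a second, quieter account. Worth checking first.
    chained = sorted(acct for acct, creator in created.items() if creator in created)
    # Grants we could not name from the log; resolve the SID on the host before rotating.
    unresolved = sorted(m for m in grants if m.startswith("S-1-"))
    return {
        "created": created,
        "remote_login_grants": grants,
        "chained": chained,
        "unresolved_sids": unresolved,
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENTS, "2023-08-17T00:00:00Z"), indent=2))
```

The log only shows grants made during the window; to get the full set of accounts whose passwords must be rotated, combine this output with the current membership of the same groups on the host (for example from `Get-LocalGroupMember`), and resolve any SID-only entries before deciding whether to disable or merely rotate them.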
Reports & References (2)
Observed Countries (250)
Counts are per ISO 3166-1 alpha-2 code. The list spans all 250 codes, including uninhabited territories such as AQ, BV and HM, so read the figures as feed observation counts rather than as confirmed victim locations.
AD (942)
AE (477)
AF (282)
AG (677)
AI (126)
AL (62)
AM (961)
AO (586)
AQ (883)
AR (734)
AS (40)
AT (23)
AU (949)
AW (818)
AX (177)
AZ (362)
BA (416)
BB (882)
BD (547)
BE (133)
BF (864)
BG (344)
BH (746)
BI (994)
BJ (537)
BL (714)
BM (245)
BN (227)
BO (118)
BQ (284)
BR (890)
BS (421)
BT (791)
BV (330)
BW (539)
BY (778)
BZ (914)
CA (247)
CC (397)
CD (47)
CF (800)
CG (172)
CH (940)
CI (78)
CK (424)
CL (169)
CM (104)
CN (922)
CO (863)
CR (950)
CU (855)
CV (284)
CW (946)
CX (266)
CY (697)
CZ (981)
DE (426)
DJ (847)
DK (322)
DM (477)
DO (867)
DZ (930)
EC (396)
EE (592)
EG (273)
EH (403)
ER (127)
ES (400)
ET (948)
FI (80)
FJ (634)
FK (907)
FM (469)
FO (774)
FR (588)
GA (333)
GB (544)
GD (26)
GE (647)
GF (187)
GG (633)
GH (968)
GI (753)
GL (154)
GM (805)
GN (327)
GP (468)
GQ (414)
GR (250)
GS (657)
GT (876)
GU (755)
GW (288)
GY (37)
HK (329)
HM (639)
HN (131)
HR (154)
HT (940)
HU (259)
ID (423)
IE (478)
IL (731)
IM (796)
IN (952)
IO (547)
IQ (525)
IR (977)
IS (699)
IT (168)
JE (53)
JM (209)
JO (502)
JP (540)
KE (6)
KG (350)
KH (384)
KI (753)
KM (974)
KN (425)
KP (855)
KR (670)
KW (92)
KY (907)
KZ (41)
LA (661)
LB (835)
LC (989)
LI (206)
LK (313)
LR (671)
LS (711)
LT (147)
LU (88)
LV (37)
LY (531)
MA (216)
MC (899)
MD (531)
ME (10)
MF (102)
MG (845)
MH (558)
MK (314)
ML (739)
MM (228)
MN (794)
MO (853)
MP (280)
MQ (86)
MR (318)
MS (459)
MT (195)
MU (496)
MV (288)
MW (555)
MX (497)
MY (161)
MZ (803)
NA (764)
NC (681)
NE (504)
NF (557)
NG (123)
NI (232)
NL (746)
NO (269)
NP (804)
NR (15)
NU (625)
NZ (586)
OM (251)
PA (923)
PE (480)
PF (163)
PG (946)
PH (44)
PK (323)
PL (186)
PM (316)
PN (352)
PR (978)
PS (699)
PT (270)
PW (44)
PY (940)
QA (781)
RE (147)
RO (468)
RS (263)
RU (749)
RW (468)
SA (426)
SB (801)
SC (95)
SD (79)
SE (408)
SG (111)
SH (344)
SI (728)
SJ (169)
SK (983)
SL (902)
SM (333)
SN (892)
SO (474)
SR (264)
SS (123)
ST (499)
SV (487)
SX (975)
SY (587)
SZ (680)
TC (404)
TD (59)
TF (744)
TG (250)
TH (759)
TJ (998)
TK (60)
TL (503)
TM (708)
TN (656)
TO (126)
TR (281)
TT (877)
TV (909)
TW (171)
TZ (532)
UA (36)
UG (551)
UM (727)
US (273)
UY (436)
UZ (104)
VA (718)
VC (253)
VE (896)
VG (351)
VI (801)
VN (512)
VU (339)
WF (405)
WS (161)
XK (106)
YE (538)
YT (697)
ZA (317)
ZM (396)
ZW (681)