Chaos

Ransomware family first seen in June 2021.

Chaos Ransomware

Deletes shadow copies

Ransomware often targets backup files to inhibit system recovery.

Modifies boot configuration data using bcdedit

Deletes backup catalog

Uses wbadmin.exe to inhibit system recovery.

Executes dropped EXE

Modifies extensions of user files

Ransomware generally changes the extension on encrypted files.