Chaos

Ransomware family first seen in June 2021.

Chaos Ransomware

Deletes shadow copies

Ransomware often targets backup files to inhibit system recovery.

Detects command variations typically used by ransomware

Detects executables containing many references to VEEAM. Observed in ransomware

Modifies boot configuration data using bcdedit

Renames multiple (175) files with added filename extension

This suggests ransomware activity of encrypting all the files on the system.

Deletes backup catalog

Uses wbadmin.exe to inhibit system recovery.

Disables Task Manager via registry modification