Chaos

Ransomware family first seen in June 2021.

Chaos Ransomware

Deletes shadow copies

Ransomware often targets backup files to inhibit system recovery.

Detects command variations typically used by ransomware

Detects executables containing many references to VEEAM. Observed in ransomware

Modifies boot configuration data using bcdedit

Deletes backup catalog

Uses wbadmin.exe to inhibit system recovery.

Disables Task Manager via registry modification