BlackBerry Blog

BlackBerry Prevents Yashma Ransomware

CYBERSECURITY / 06.27.22 / Hector Diaz

A new version of the Chaos ransomware family, renamed “Yashma,” has been unveiled by its creator. And a chance online exchange between a ransomware perpetrator and victim provided us with new information on the origins of Chaos, and the family tree that ties it to both its Onyx and Yashma variants.

The discussion took place on the “official” Onyx ransomware leak site, where someone claiming to be the creator of the Chaos ransomware kit joined an ongoing conversation between the Onyx threat group and a recent victim. The Chaos author made the accusation that Onyx is a mere copycat, constructed with the author’s own Chaos v4.0 Ransomware Builder.

The author then promoted the current version of their Chaos ransomware line, now known as “Yashma.” The Chaos creator’s intent to call out the copycat origins of Onyx is ironic, given that the first version of Chaos originally presented itself as a .Net version of the infamous Ryuk ransomware, complete with Ryuk branding on its graphical user interface (GUI). That tactic drew a strongly negative response on the underground forums, which prompted the threat’s creator to quickly rebrand the new creation as “Chaos.”

Chaos/Yashma is particularly dangerous because of its flexibility and widespread availability. Distributed as a malware builder, any threat actors that purchase it can develop their own ransomware strains to target their chosen victims. This makes tracking Chaos ransomware attacks extremely difficult, as Indicators of Compromise (IOCs) can change with each sample produced by a malware builder.
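The following Python script is an added illustration of the tracking problem described above; it is not BlackBerry's code and does not reproduce the real Chaos/Yashma builder format. The engine template, the configuration fields and the three "builds" are constructed stand-ins. It shows why a file-hash IOC collected from one builder-produced sample misses the next build, and why detection keyed on what stays invariant across builds (here, a fixed engine marker; in practice, behaviour or structural features) holds up:

```python
import hashlib
import re

# Constructed stand-in for what a ransomware builder emits: a fixed "engine"
# followed by a per-build configuration blob chosen by the operator.
# Hypothetical format; not the actual Chaos/Yashma layout.
ENGINE_TEMPLATE = b"ENGINE:enumerate-files;encrypt;drop-note;CONFIG:"

# Invariant across builds: the engine marker, which the operator cannot change.
ENGINE_SIGNATURE = re.compile(rb"ENGINE:enumerate-files;encrypt;drop-note;")


def build_sample(extension: str, note: str) -> bytes:
    """Simulate one builder run: same engine, operator-chosen config."""
    config = f"ext={extension};note={note}".encode()
    return ENGINE_TEMPLATE + config


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_ioc_matches(sample: bytes, known_hashes: set) -> bool:
    """Classic hash-based IOC check: exact match on the file hash only."""
    return sha256_hex(sample) in known_hashes


def signature_matches(sample: bytes) -> bool:
    """Invariant-feature check: match the engine marker, ignore the config."""
    return ENGINE_SIGNATURE.search(sample) is not None


def evaluate(builds, known_hashes):
    """Run both checks over every build and report the outcome per sample."""
    return [
        {
            "sha256_prefix": sha256_hex(b)[:12],
            "hash_ioc_hit": hash_ioc_matches(b, known_hashes),
            "signature_hit": signature_matches(b),
        }
        for b in builds
    ]


def demo():
    # Three constructed builds: identical engine, different operator config.
    builds = [
        build_sample(".locked", "note_A"),  # the only build we have a hash for
        build_sample(".yash", "note_B"),    # one config change -> new hash
        build_sample(".enc", "note_C"),
    ]
    # The IOC list an analyst would derive from the first sample alone.
    known_hashes = {sha256_hex(builds[0])}
    return evaluate(builds, known_hashes)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Every build yields a distinct SHA-256, so the hash IOC only catches the sample it was taken from, while the engine-marker check flags all three. The same reasoning is why builder-driven families are tracked by behaviour and shared code rather than by per-sample hashes.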

See how BlackBerry prevents Yashma attacks in our demo video, which shows BlackBerry® products going head-to-head with a live sample of Yashma.

DEMO VIDEO: BlackBerry vs. Yashma Ransomware

Learn more about Yashma Ransomware in our deep dive blog: Yashma Ransomware, Tracing the Chaos Family Tree

Figure 1: In our demo video above, six versions of Chaos/Yashma are pitted against CylancePROTECT®

Figure 2: CylancePROTECT® prevents all six versions of Chaos/Yashma from accessing the target system, stopping each attack before it occurs

CylancePROTECT® provides automated malware prevention, application and script control, memory protection, and device policy enforcement. Our AI-based Endpoint Protection Platform (EPP) blocks cyberattacks and provides controls for safeguarding against sophisticated threats such as Yashma/Chaos ransomware.

BlackBerry Assistance

Regardless of your existing BlackBerry relationship, the BlackBerry Incident Response team can work with organizations of any size and across any vertical, to evaluate and enhance your endpoint security posture and proactively maintain the security, integrity, and resilience of your network infrastructure. 

For emergency assistance, please email us at DLIR@blackberry.com, or use our handraiser form. 

Video Transcript

In this video, we are going to test the various versions of Chaos ransomware, from version 1.0, which dates from 2021, to the most recent rebrand in May 2022, Yashma 1.2. We will test to confirm the Temporal Predictive Advantage that CylancePROTECT® can bring across the board, throughout the history of this particular ransomware group.

We built fresh samples of each version that have not been in the wild, to guarantee that we are not testing old or known samples in each case. 

Here we have a machine learning (ML) model from October 2015, running on a virtual machine with no internet connectivity or operating system updates. Let’s copy these files and try to execute them in a row. As you can see, all of them are prevented from running, pre-execution, through the power of AI. Chaos/Yashma is no match for the power of our machine learning models. 

Prevention is possible, with BlackBerry.


About Hector Diaz

Senior Technical Marketing Manager at BlackBerry

Hector Diaz is a Senior Technical Marketing Manager for Latin America and the Caribbean at BlackBerry. Hector works with Engineering and Product Management to translate technology concepts into digestible pieces, evangelizing and educating people about Artificial Intelligence (AI) applied to cybersecurity.

With over 15 years of experience in cybersecurity, Hector is a respected professional who is in-demand at trade shows, partner training and customer engagements across Latin America and the Caribbean Region.