Emergence of Chaos RaaS Post-BlackSuit Shutdown: $300K Extortion Demands on U.S. Targets

TL;DR

The newly emerged Chaos RaaS group, likely comprised of former BlackSuit members, has taken over the ransomware landscape. Since February 2025, they have been conducting big-game hunting and double extortion attacks, demanding up to $300,000 from U.S. victims.

Emergence of Chaos RaaS Post-BlackSuit Shutdown

In the wake of the BlackSuit crew’s dark web infrastructure being seized by law enforcement, a new ransomware-as-a-service (RaaS) gang known as Chaos has emerged. This new group is suspected to be composed of former BlackSuit members, continuing their legacy of cybercrime with renewed vigor.

Chaos RaaS: A New Threat in the Cyber Landscape

Chaos, which surfaced in February 2025, has quickly established itself as a formidable player in the ransomware landscape. The group employs aggressive tactics, including big-game hunting and double extortion attacks. These methods involve targeting high-value organizations and demanding substantial ransoms, with the threat of data leaks if demands are not met.

Targeting U.S. Victims with Hefty Ransoms

The Chaos RaaS group has been particularly active in targeting U.S. victims, demanding ransoms as high as $300,000. Their modus operandi includes:

• Big-Game Hunting: Focusing on large corporations and institutions with significant financial resources.
• Double Extortion: Encrypting victim data and threatening to release it publicly if the ransom is not paid.
• Aggressive Tactics: Using sophisticated malware and exploiting vulnerabilities to gain access to sensitive information.

Conclusion

The rise of the Chaos RaaS group underscores the ongoing threat of ransomware attacks, particularly in the wake of law enforcement actions against other cybercriminal organizations. As cyber threats continue to evolve, it is crucial for organizations to stay vigilant and implement robust cybersecurity measures to protect against such attacks.

For further insights, check: source