FBI Confiscates $2.4 Million Worth of Bitcoin from a Member Belonging to the Rising Chaos Ransomware Gang
On July 28, 2025, the FBI announced the seizure of more than $1.7 million worth of cryptocurrency as part of its ongoing ransomware enforcement work. The funds were seized from a member of the Chaos ransomware group, a recently emerged ransomware-as-a-service (RaaS) operation. (The same 20.2891382 BTC is valued at about $2.4 million elsewhere in this article; the difference reflects the Bitcoin exchange rate on the valuation date.)
First identified in February 2025, Chaos is a Russian-speaking cybercriminal group that recruits affiliates on the dark-web forum Ransom Anon Market Place (RAMP). It offers a cross-platform ransomware with builds for Windows, VMware ESXi, Linux and NAS systems.
The malware is built for speed: it encrypts each file with its own key, scans for reachable network resources to encrypt, and carries anti-analysis measures that hinder detection and complicate recovery. The group practices big-game hunting and double extortion, encrypting victims' files and threatening to leak stolen data if the ransom is not paid.
Encrypted files on the host receive the ".chaos" extension. The ransom note does not state a ransom amount or payment instructions; it gives only a Tor onion URL through which the victim is to contact the operators. Victims who contact the group and pay are promised a decryptor for everything the malware encrypted and deletion of the stolen data, a promise the victim has no way to verify.
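A first-pass triage of a suspected victim host, as an added example that is not code from the article or from Cisco Talos: it applies only the two indicators named above, the ".chaos" extension on encrypted files and a Tor .onion contact URL in the ransom note. The note's filename, the file types scanned for it, and the sample directory tree are assumptions constructed for the example. The extension alone is a weak signal (any file can be renamed), so the strongest verdict requires both indicators.

```python
"""Filesystem triage for a suspected Chaos-style ransomware incident.

Added example, not code from the article or from Cisco Talos. It relies only
on the two indicators the article gives: encrypted files carry a ".chaos"
extension, and the ransom note holds a Tor .onion URL instead of payment
instructions. The note's filename is not known from the article, so every
small text-like file is checked for an onion address (an assumption).
"""
import os
import re
import tempfile
from collections import Counter
from typing import Dict, List

ENCRYPTED_EXT = ".chaos"
NOTE_EXTS = (".txt", ".html", ".hta")          # assumption: notes are plain text/HTML
MAX_NOTE_BYTES = 64 * 1024                     # ransom notes are small; skip large files
# v3 onion hosts are 56 base32 characters; the 16-character v2 form is still matched
ONION_RE = re.compile(r"\b(?:https?://)?([a-z2-7]{56}|[a-z2-7]{16})\.onion\b", re.IGNORECASE)


def find_onion_urls(path: str) -> List[str]:
    """Return the distinct .onion hosts found in a small text file ([] if none)."""
    try:
        if os.path.getsize(path) > MAX_NOTE_BYTES:
            return []
        with open(path, "rb") as fh:
            text = fh.read().decode("utf-8", errors="ignore")
    except OSError:
        return []
    return sorted({m.group(1).lower() + ".onion" for m in ONION_RE.finditer(text)})


def triage_tree(root: str) -> Dict[str, object]:
    """Walk root once, counting .chaos files per directory and collecting onion URLs."""
    encrypted_per_dir: Counter = Counter()
    notes: Dict[str, List[str]] = {}
    total_files = 0
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            total_files += 1
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                encrypted_per_dir[dirpath] += 1
            elif lower.endswith(NOTE_EXTS):
                full = os.path.join(dirpath, name)
                found = find_onion_urls(full)
                if found:
                    notes[full] = found
    encrypted_total = sum(encrypted_per_dir.values())
    if encrypted_total and notes:
        verdict = "encrypted-files-and-onion-note"   # both indicators present
    elif encrypted_total:
        verdict = "encrypted-files-only"             # extension alone: weak signal
    else:
        verdict = "no-indicators"
    return {
        "total_files": total_files,
        "encrypted_total": encrypted_total,
        "encrypted_ratio": encrypted_total / total_files if total_files else 0.0,
        "hot_dirs": [d for d, _n in encrypted_per_dir.most_common(5)],
        "notes": notes,
        "verdict": verdict,
    }


def build_sample_tree() -> str:
    """Create a constructed victim tree in a temp dir: 5 encrypted files, a note, a decoy."""
    root = tempfile.mkdtemp(prefix="chaos-triage-")
    docs = os.path.join(root, "Users", "alice", "Documents")
    os.makedirs(docs)
    for i in range(5):
        with open(os.path.join(docs, f"report{i}.docx{ENCRYPTED_EXT}"), "wb") as fh:
            fh.write(os.urandom(32))               # stand-in ciphertext
    with open(os.path.join(docs, "readme.txt"), "w", encoding="utf-8") as fh:
        # constructed note: no payment details, only a (fake) v3 onion contact URL
        fh.write("Your files are encrypted.\nContact: http://" + "a" * 56 + ".onion\n")
    with open(os.path.join(root, "Users", "alice", "todo.txt"), "w", encoding="utf-8") as fh:
        fh.write("buy milk\n")                     # benign file with no onion URL
    return root


def sample_report() -> Dict[str, object]:
    """Run the triage over the constructed tree."""
    return triage_tree(build_sample_tree())


if __name__ == "__main__":
    report = sample_report()
    print(f"verdict={report['verdict']} encrypted={report['encrypted_total']}/{report['total_files']}")
    for note, hosts in report["notes"].items():
        print(f"note {note}: {', '.join(hosts)}")
```

Run it against a mounted forensic image or a live host's data volume by calling `triage_tree(root)` with the real path; the `hot_dirs` list points the responder at the directories with the most encrypted files, and the `notes` map gives the onion hosts to record as indicators before any contact is considered.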
Notably, the group says it avoids hospitals, government entities, and organizations in BRICS/CIS countries. Its victims span multiple sectors with no apparent vertical focus and are mainly in the United States, with others in the UK, New Zealand and India.
The seizure itself took place on April 15, 2025, when the FBI's Dallas Field Office seized 20.2891382 Bitcoin, worth approximately $2.4 million, from a member of the group. The United States Attorney's Office for the Northern District of Texas has filed a civil complaint seeking forfeiture of the seized Bitcoin to the United States government.
Chaos has grown quickly since it emerged and has drawn attention from security vendors such as Broadcom. Although the group relies on cryptocurrency to collect ransoms, this case shows that law enforcement can still trace and recover extorted funds and disrupt the operation.