Ransomware - Mike Tyson

Mike Tyson
Aliases
Tyson
Description

Mike Tyson ransomware, dubbed "Tyson" for short, is a variant of the Chaos ransomware family; the name obviously refers to the boxer Mike Tyson. Derivatives of Chaos are created using the Chaos ransomware builders, of which there are six primary versions (including Yashma, traditionally referred to as version 6). This variant is believed to derive from Chaos 5.0, specifically Chaos 5.2. We base this on two behaviors: it can change the desktop wallpaper, which applies only to versions 4.0 and later, and it encrypts files larger than 2 MB outside of the C drive, which applies only to versions 5.0 and later. It is not Yashma because the ransom note follows the Chaos 5.2 boilerplate text almost verbatim, apart from the ransom amount and crypto wallet, whereas the Yashma note is worded significantly differently. We believe it is specifically version 5.2 because that was the only ransomware builder easily found on GitHub when this variant was created, in September 2024. For these reasons, we believe Mike Tyson is a one-off Chaos 5.2 derivative likely created for the "lulz." Since the technical details of Chaos 5.2 are already known, we copied them below. We've also included the ransom note names, images, and encrypted file names below.

Ransomware Type: Crypto-Ransomware
First Seen
Last Seen
Extortion Types: Direct Extortion
Extortion Amounts
Amount: 0.0051 BTC ($300)
Encryption
Type: Hybrid
Files: AES-256-CBC
Key: RSA-1024
Crypto Wallets
Blockchain Type: BTC
Crypto Wallet: bc1q909n8v9tmhfnh5ptrfjqjum2tp9tuucag6ldvm
File Extension: <file name>.<file extension>.tyson
Ransom Note Name
DECRYPTION INSTRUCTIONS.txt
s2cidnsgj.jpg
Samples (SHA-256)
406337dbfba659d877a6c9caa22a6f53e3d16b564f5259e88916411ac05e5086
References & Publications