0mid16B is a Singaporean national living in Thailand who was arrested in February 2025. It was not a "group," as the individual who ran the operation often claimed. He would use an alias and then change his name on forums and marketplaces to mask his identity. However, many researchers, primarily Group-IB and DataBreaches.net, knew this was the same individual based on his writing style and format of posts. Over the few years he was active, he went by Chaoscc, DESORDEN, ALTDOS, GHOSTR, 0mid16B, and CrowdStrike gave him the name Chaotic Spider. After his arrest, which was cordinated by several law enforcement agencies in Southeast Asia in conjunction with Group-IB, we learned his name was Chingwei, and he cooperated with law enforcement once he was caught. We chose the 0mid16B name for this entry because it was the most recent one used and stood out the most. However, most of his attacks occurred under the DESORDEN name.
According to Group-IB and public accounts of Chingwei, the timeline of his aliases was as follows:
- Chaoscc/ALTDOS: May 2020 - September 2021
- DESORDEN: September 2021 - September 2023
- GHOSTR: October 2023 - August 2024
- 0mid16B: August 2024 - February 2025
Chingwei was financially motivated and mostly breached member countries of the Association of Southeast Asian Nations (ASEAN), particularly Malaysia, Singapore, and Thailand. However, he began attacking more Western countries after losing reputation on hacker forums from being banned for multi-accounting, which is when someone gets caught using additional accounts after getting banned on forums. Since reputation is all you have on anonymous hacking forums, losing that is a death blow. He used the name GHOSTR when he got banned for multi-accounting. After that, he changed his name to 0mid16B, changed his writing style (primarily), and began attacking countries outside of ASEAN to mask his identity better. That is, until he was arrested.
He used unorthodox extortion methods during his tenure to obtain his ill-gotten gains. He would directly extort victims, and if they didn't pay, he would leak part of the stolen data on hacking forums and use middlemen to sell the data to other groups. He claims the data were usually purchased by Chinese-based scam groups out of Malaysia, Cambodia, and Laos. Some other methods were attacking the victim multiple times, especially conglomerates with various subsidiaries, disclosing the breaches to regulators and the media, denial of service attacks, contacting customers and clients about the breach, website defacing, and forcing the victim companies to disclose the breach to the media and government (forced disclosure).
Even his communication methods were dissimilar to those of most other ransomware groups. He mostly used Matrix to communicate with victims but also employed Telegram, Teamviewer, Jabber, email, and TOX. Chingwei also used several hacking forums to communicate with victims and sell stolen data: BreachForums, CRACKED, CryptBB, DarkForums, RaidForums, and Sinisterly, with possibly more we couldn't uncover. During his stint as 0mid16B, he also used Twitter/X to perform disclosures. This was part of his effort to mask his identity, which obviously didn't work out well.
Finally, since this is a ransomware tracker, it's worth noting that, according to Chingwei, he did "not use ransomware in most of their attacks." His phrasing implies that some did use ransomware, and he did have a few forum posts discussing the Chaos and Yashma ransomware builders, which he wasn't a fan of. As part of his efforts to communicate with media and researchers, he often communicated with the authors of DataBreaches.net, which, as you can see by our references, is where a lot of this research comes from. He told them that he had used AES-256 encryption for some databases he encountered, which is up for interpretation if that was a ransomware encryptor or if he would encrypt these databases using local encryption methods.
Extortion Links(11)
Extortion Amounts(8)
Communication(10)
Known Victims(99)
| Industry Sector | Paese | Extortion Date | Amount (USD) |
|---|---|---|---|
| Banking & Finance | Thailand | 170 BTC($3,103,381) | |
| Telecommunications | Thailand | $500,000 | |
| Conglomerate | Thailand | ||
| Music & Entertainment | Thailand | ||
| Retail & Wholesale | Thailand | ||
| Conglomerate | Bangladesh | ||
| Retail & Wholesale | Singapore | $75,000 | |
| Maritime | Singapore | ||
| Electronics | Singapore | ||
| Real Estate & Housing | Singapore | 10 BTC($416,019) | |
| Conglomerate | Malaysia | ||
| Transportation, Distribution & Logistics | Malaysia | ||
| Transportation, Distribution & Logistics | Malaysia | ||
| Electronics | India | ||
| Hospitality & Leisure | Thailand | ||
| Food & Beverage | Thailand | $900,000 | |
| Electronics | Taiwan | ||
| Beauty & Cosmetology | Thailand | ||
| Beauty & Cosmetology | Thailand | ||
| Insurance | Thailand | ||
| Professional Services | Thailand | ||
| Insurance | Thailand | ||
| Real Estate & Housing | Thailand | ||
| Music & Entertainment | Thailand | ||
| Music & Entertainment | Thailand | ||
| Transportation, Distribution & Logistics | Indonesia | ||
| Food & Beverage | Indonesia | ||
| Automotive | Indonesia | ||
| Telecommunications | Malaysia | ||
| Information Technology | Indonesia | 0.005 USD per record | |
| Telecommunications | Malaysia | ||
| Beauty & Cosmetology | Thailand | ||
| Transportation, Distribution & Logistics | Singapore | ||
| Retail & Wholesale | Taiwan | ||
| Banking & Finance | Malaysia | ||
| Maritime | Malaysia | ||
| Utilities | Malaysia | ||
| Electronics | Taiwan | ||
| Telecommunications | Thailand | ||
| Healthcare & Medicine | India | ||
| Healthcare & Medicine | India | ||
| Healthcare & Medicine | India | ||
| Healthcare & Medicine | Thailand | ||
| Banking & Finance | United Kingdom | ||
| Electronics | Thailand | ||
| Food & Beverage | Thailand | ||
| Conglomerate | Singapore | ||
| Information Technology | Singapore | ||
| Telecommunications | Singapore | ||
| Electronics | Taiwan | ||
| Information Technology | Germany | ||
| Transportation, Distribution & Logistics | Australia | ||
| Banking & Finance | Singapore | ||
| Banking & Finance | Singapore | ||
| Banking & Finance | Singapore | ||
| Banking & Finance | Singapore | ||
| Banking & Finance | Singapore | ||
| Banking & Finance | Singapore | ||
| Banking & Finance | Singapore | ||
| Banking & Finance | Singapore | ||
| Banking & Finance | Singapore | ||
| Banking & Finance | Singapore | ||
| Banking & Finance | Singapore | ||
| Banking & Finance | Singapore | ||
| Information Technology | India | ||
| IT Consulting | Singapore | ||
| Hospitality & Leisure | United Arab Emirates | ||
| Utilities | Thailand | ||
| Environmental Services | Canada | ||
| Environmental Services | Canada | ||
| Environmental Services | Canada | ||
| Environmental Services | Canada | ||
| Environmental Services | Canada | ||
| Environmental Services | Canada | ||
| Environmental Services | Canada | ||
| Environmental Services | Canada | ||
| Information Technology | Singapore | ||
| Food & Beverage | Thailand | ||
| Banking & Finance | United States | ||
| Retail & Wholesale | United Arab Emirates | ||
| Retail & Wholesale | Thailand | ||
| Retail & Wholesale | China | ||
| Conglomerate | Thailand | ||
| Information Technology | Austria | ||
| Media & Marketing | United States | ||
| Healthcare & Medicine | Pakistan | ||
| Arts & Fine Arts | United Kingdom | 50,000 GBP($62,741) | |
| Architectural Services | China | ||
| Insurance | India | ||
| IT Consulting | United States | ||
| Healthcare & Medicine | Pakistan | ||
| Insurance | India | ||
| Insurance | India | ||
| Fashion & Textiles | Pakistan | ||
| Information Technology | United States | ||
| Fashion & Textiles | Pakistan | ||
| Fashion & Textiles | Pakistan | ||
| Engineering Services | Pakistan | ||
| Healthcare & Medicine | United States |