Ransomware Tracker (Entry #222): Mike Tyson

Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/mike-tyson
Mike Tyson ransomware, dubbed "Tyson" for short, is a variant of the Chaos ransomware family and obviously refers to the boxer Mike Tyson. Derivatives of Chaos are created using the Chaos Ransomware builders, of which there are six primary versions (including Yashma, traditionally referred to as version 6). This variant is believed to be from Chaos 5.0, specifically Chaos 5.2. The determination for this is that it can change the desktop wallpaper, which is applicable for only version 4.0 and beyond, and it encrypts files larger than 2 MB external of the C drive; only applicable to versions 5.0 and on. It is not Yashma because the ransom note mimicked the Chaos 5.2 boilerplate text almost verbatim, besides the ransom amount and crypto wallet, and the Yashma note is significantly different in terms of how it's worded. We believe it's specifically version 5.2 because this is the only ransomware builder easily found on GitHub at the time of the creation of this variant - September 2024. For these reasons, we believe Mike Tyson is a one-off Chaos 5.2 derivative likely created for the "lulz." Since we already know the technical details of Chaos 5.2, we copied them below. We've also included the ransom note names, images, and encrypted file names below.