ThinkMarkets Hit By Chaos Ransomware In Major Data Breach

ThinkMarkets Suffers Ransomware Breach

Australian online brokerage ThinkMarkets has been listed as a victim of a ransomware attack by a group calling itself Chaos, which claims to have stolen and leaked 512 gigabytes of sensitive data.

The group posted ThinkMarkets on its dark web extortion site on 8 December, alongside another unnamed victim. The leaked files appear to include human resources records, client disputes, legal advice, company policies, and trading information. Cyber Daily reporters also observed passport scans of employees and know-your-customer (KYC) documents belonging to clients.

ThinkMarkets has not issued a public statement or responded to requests for comment.

Who is Chaos?

Chaos is a relatively new ransomware group, first detected in February 2025, and has claimed 28 victims to date. Analysts at Talos Intelligence describe the group as active on Russian-language hacking forums, where it promotes its ransomware and recruits affiliates.

The malware is advertised as compatible with Windows, ESXi, Linux, and NAS systems, offering features such as individual file encryption keys, rapid encryption speeds, and network resource scanning. Chaos also provides an automated management panel for affiliates, requiring a paid entry fee that is refunded after the first ransom payment.

The group has stated it avoids targeting BRICS/CIS countries, hospitals, and government entities, focusing instead on corporate victims.

About ThinkMarkets

Headquartered in Melbourne, ThinkMarkets operates globally with offices in the Middle East, South Africa, Europe, and the United States. Originally launched as ThinkForex in 2012 under regulation by the Australian Securities and Investments Commission (ASIC), the firm rebranded as ThinkMarkets in 2016.

The company markets itself as a provider of innovative online trading services, offering clients advanced tools, educational resources, and customer support.