Ghostlocker

Malware updated 7 months ago (2024-05-04T20:49:58.826Z)
GhostLocker is a harmful malware developed by the cybercrime gang GhostSec, which has seen a significant surge in its hacking activities over the past year. The group has recently introduced an updated version of this malicious software, known as GhostLocker 2.0 ransomware, a Golang variant of the original GhostLocker ransomware. This new variant has been employed in a series of double extortion attacks against numerous countries including Cuba, Argentina, Poland, China, Lebanon, Israel, Egypt, Vietnam, Thailand, and more, according to disclosure messages posted by the group on their Telegram channels and Stormous ransomware data leak site.

In a surprising departure from their past activities, GhostSec has partnered with another ransomware group, Stormous, to launch a new ransomware-as-a-service (RaaS) program named STMX_GhostLocker. This program provides various options for affiliates, enabling them to distribute ransomware more widely. The RaaS platform features a Command & Control (C2) panel that gives affiliates an overview of their attacks and gains. Cybersecurity firm Uptycs notes that this move marks a significant shift in GhostSec's operations, which have traditionally targeted Israeli entities.

The development and deployment of GhostLocker 2.0 signify a turning point in the ransomware market, according to cybersecurity company SOCRadar. Despite its relatively low price and low percentage basis, the accessibility of GhostLocker could potentially escalate ransomware attacks to severe levels. Furthermore, the involvement of hacktivist collectives like GhostSec in the ransomware landscape, previously focused on political activism, indicates a diversification towards financial gain. This evolution highlights the increasing complexity and sophistication of today's cyber threats.
Description last updated: 2024-05-04T16:28:53.418Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| Alias Description | Votes |
| --- | --- |
| Ghostsec is a possible alias for Ghostlocker. GhostSec is a malware program that has been involved in significant cybercrime activities. Notably, this malicious software is designed to exploit and damage computer systems, infiltrating through suspicious downloads, emails, or websites without the user's knowledge. Once inside, GhostSec can steal | 4 |
| Stmx_ghostlocker is a possible alias for Ghostlocker. STMX_GhostLocker is a new and potent form of malware developed by the collaboration of two significant ransomware groups, GhostLocker and Stormous. The malware was first announced on "The Five Families" Telegram channel by the Stormous group on February 24, 2024. This malicious software is designed | 3 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
RaaS
Encrypt
Cybercrime
Extortion
Associated Malware
| Alias Description | Association Type | Votes |
| --- | --- | --- |
| The Ghost Malware is associated with Ghostlocker. "Ghost" refers to a type of malware that was distributed through a network of GitHub accounts, known as the Stargazers Ghost Network. This malicious software was identified by Check Point Research and was spread via phishing repositories. The malware was designed to exploit and damage computer syste | Unspecified | 3 |