Ghostlocker

Malware Profile Updated 3 months ago
GhostLocker is ransomware developed by the cybercrime gang GhostSec, which has seen a significant surge in its hacking activities over the past year. The group has recently introduced an updated version, GhostLocker 2.0, a Golang variant of the original GhostLocker ransomware. According to disclosure messages posted by the group on its Telegram channels and on the Stormous ransomware data leak site, the new variant has been used in a series of double extortion attacks against numerous countries, including Cuba, Argentina, Poland, China, Lebanon, Israel, Egypt, Vietnam, Thailand, and more.

In a departure from its past activities, GhostSec has partnered with another ransomware group, Stormous, to launch a new ransomware-as-a-service (RaaS) program named STMX_GhostLocker. The program provides various options for affiliates, enabling them to distribute ransomware more widely. The RaaS platform features a Command & Control (C2) panel that gives affiliates an overview of their attacks and gains. Cybersecurity firm Uptycs notes that this move marks a significant shift in GhostSec's operations, which have traditionally targeted Israeli entities.

According to cybersecurity company SOCRadar, the development and deployment of GhostLocker 2.0 signify a turning point in the ransomware market. Although it is offered at a relatively low price and on a low percentage basis, GhostLocker's accessibility could escalate ransomware attacks to severe levels. Furthermore, the move into ransomware by hacktivist collectives like GhostSec, previously focused on political activism, indicates a diversification towards financial gain. This evolution highlights the increasing complexity and sophistication of today's cyber threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Ghostsec | 4 | GhostSec is a malicious software (malware) identified as a significant cybersecurity threat. This harmful program, designed to exploit and damage computers or devices, infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once embedded, it can steal pe |
| Stmx_ghostlocker | 3 | STMX_GhostLocker is a new and potent form of malware developed by the collaboration of two significant ransomware groups, GhostLocker and Stormous. The malware was first announced on "The Five Families" Telegram channel by the Stormous group on February 24, 2024. This malicious software is designed |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
RaaS
Ransomware
Encrypt
Cybercrime
Extortion
Africa
Telegram
Talos
Cisco
Locker
Encryption
Malware
Ransom
Antivirus
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Ghost | Unspecified | 3 | Ghost is a type of malware, or malicious software, that infiltrates systems to exploit and cause damage. It is often disseminated through suspicious downloads, emails, or websites, and can steal personal information, disrupt operations, or hold data hostage for ransom. In 2020, there were plans for |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Ghostlocker Malware was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | 9 months ago | The Week in Ransomware - October 20th 2023 - Fighting Back |
| CERT-EU | 5 months ago | These two ransomware giants are joining forces to hit more victims across the world \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CERT-EU | 9 months ago | U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown |
| CERT-EU | 5 months ago | You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam |
| CERT-EU | 5 months ago | GhostLocker 2.0 Unleashes Cyber Haunting Spree in the Middle East, Africa, and Asia |
| CERT-EU | 5 months ago | Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries |
| Securityaffairs | 5 months ago | Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks |
| CERT-EU | 5 months ago | Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 5 months ago | GhostSec Evolves With Website Compromise Tools |
| DARKReading | 5 months ago | GhostLocker 2.0 Haunts Businesses Across Middle East, Africa & Asia |
| InfoSecurity-magazine | 9 months ago | Hacker Group GhostSec Unveils New Generation Ransomware Implant |