Ghostlocker

Malware updated 4 months ago (2024-05-04T20:49:58.826Z)
GhostLocker is a harmful malware developed by the cybercrime gang GhostSec, which has seen a significant surge in its hacking activities over the past year. The group has recently introduced an updated version of this malicious software, known as GhostLocker 2.0 ransomware, a Golang variant of the original GhostLocker ransomware. This new variant has been employed in a series of double extortion attacks against numerous countries including Cuba, Argentina, Poland, China, Lebanon, Israel, Egypt, Vietnam, Thailand, and more, according to disclosure messages posted by the group on their Telegram channels and Stormous ransomware data leak site.

In a surprising departure from their past activities, GhostSec has partnered with another ransomware group, Stormous, to launch a new ransomware-as-a-service (RaaS) program named STMX_GhostLocker. This program provides various options for affiliates, enabling them to distribute ransomware more widely. The RaaS platform features a Command & Control (C2) panel that gives affiliates an overview of their attacks and gains. Cybersecurity firm Uptycs notes that this move marks a significant shift in GhostSec's operations, which have traditionally targeted Israeli entities.

The development and deployment of GhostLocker 2.0 signify a turning point in the ransomware market, according to cybersecurity company SOCRadar. Despite its relatively low price and low percentage basis, the accessibility of GhostLocker could potentially escalate ransomware attacks to severe levels. Furthermore, the involvement of hacktivist collectives like GhostSec in the ransomware landscape, previously focused on political activism, indicates a diversification towards financial gain. This evolution highlights the increasing complexity and sophistication of today's cyber threats.
Description last updated: 2024-05-04T16:28:53.418Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Ghostsec | 4 | GhostSec is a malicious software (malware) that has been identified as a significant threat to computer systems and data security. This malware, designed to exploit and damage computer systems, infiltrates user devices through suspicious downloads, emails, or websites without the user's knowledge. O |
| Stmx_ghostlocker | 3 | STMX_GhostLocker is a new and potent form of malware developed by the collaboration of two significant ransomware groups, GhostLocker and Stormous. The malware was first announced on "The Five Families" Telegram channel by the Stormous group on February 24, 2024. This malicious software is designed |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
RaaS
Encrypt
Cybercrime
Extortion
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Ghost | Unspecified | 3 | "Ghost" is a potent malware that has been plaguing the digital world. In 2020, the first signs of its impending threat emerged with the planning of a large bilateral CDU/MDANG Ex Cyber Ghost operation. However, it wasn't until Check Point Research (CPR) identified a network of GitHub accounts, dubbe |
Source Document References
Information about the Ghostlocker Malware was read from the documents corpus below.
| Source | Created | Title |
| --- | --- | --- |
| CERT-EU | a year ago | The Week in Ransomware - October 20th 2023 - Fighting Back |
| CERT-EU | 6 months ago | These two ransomware giants are joining forces to hit more victims across the world \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CERT-EU | 10 months ago | U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown |
| CERT-EU | 6 months ago | You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam |
| CERT-EU | 6 months ago | GhostLocker 2.0 Unleashes Cyber Haunting Spree in the Middle East, Africa, and Asia |
| CERT-EU | 6 months ago | Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries |
| Securityaffairs | 6 months ago | Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks |
| CERT-EU | 6 months ago | Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 6 months ago | GhostSec Evolves With Website Compromise Tools |
| DARKReading | 6 months ago | GhostLocker 2.0 Haunts Businesses Across Middle East, Africa & Asia |
| InfoSecurity-magazine | a year ago | Hacker Group GhostSec Unveils New Generation Ransomware Implant |