Ghostlocker

Malware Profile Updated 25 days ago
GhostLocker is malware developed by the cybercrime gang GhostSec, which has seen a significant surge in its hacking activities over the past year. The group has recently introduced an updated version of this malicious software, known as GhostLocker 2.0 ransomware, a Golang variant of the original GhostLocker ransomware. This new variant has been employed in a series of double extortion attacks against numerous countries including Cuba, Argentina, Poland, China, Lebanon, Israel, Egypt, Vietnam, Thailand, and more, according to disclosure messages posted by the group on its Telegram channels and the Stormous ransomware data leak site.

In a surprising departure from its past activities, GhostSec has partnered with another ransomware group, Stormous, to launch a new ransomware-as-a-service (RaaS) program named STMX_GhostLocker. This program provides various options for affiliates, enabling them to distribute ransomware more widely. The RaaS platform features a Command & Control (C2) panel that gives affiliates an overview of their attacks and gains. Cybersecurity firm Uptycs notes that this move marks a significant shift in GhostSec's operations, which have traditionally targeted Israeli entities.

The development and deployment of GhostLocker 2.0 signify a turning point in the ransomware market, according to cybersecurity company SOCRadar. Despite its relatively low price and low percentage basis, the accessibility of GhostLocker could potentially escalate ransomware attacks to severe levels. Furthermore, the involvement in the ransomware landscape of hacktivist collectives like GhostSec, previously focused on political activism, indicates a diversification towards financial gain. This evolution highlights the increasing complexity and sophistication of today's cyber threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Stmx_ghostlocker | 3 | STMX_GhostLocker is a new and potent form of malware developed by the collaboration of two significant ransomware groups, GhostLocker and Stormous. The malware was first announced on "The Five Families" Telegram channel by the Stormous group on February 24, 2024. This malicious software is designed
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
RaaS
Encrypt
Cybercrime
Extortion
Associated Malware
ID | Type | Votes | Profile Description
Ghostsec | Unspecified | 4 | GhostSec is a pro-Palestinian hacktivist group known for its malicious software (malware) attacks. The group has been responsible for various cyberattacks on critical infrastructure, notably in Israel, as reported by Hackread.com. GhostSec has also claimed responsibility for ransomware attacks on op
Ghost | Unspecified | 3 | Ghost is a malicious software (malware) that infiltrates computer systems, often without the user's knowledge. It can cause significant damage by stealing personal information, disrupting operations, or holding data hostage for ransom. Ghost first came into prominence in 2020 when it was part of a l
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Ghostlocker Malware was read from the documents corpus below.
Source | Created At | Title
DARKReading | 3 months ago | GhostLocker 2.0 Haunts Businesses Across Middle East, Africa & Asia
CERT-EU | 3 months ago | Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks | #ransomware | #cybercrime | National Cyber Security Consulting
Securityaffairs | 3 months ago | Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks
InfoSecurity-magazine | 7 months ago | Hacker Group GhostSec Unveils New Generation Ransomware Implant
CERT-EU | 7 months ago | U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown
CERT-EU | 7 months ago | The Week in Ransomware - October 20th 2023 - Fighting Back
CERT-EU | 3 months ago | GhostLocker 2.0 Unleashes Cyber Haunting Spree in the Middle East, Africa, and Asia
CERT-EU | 3 months ago | Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries
CERT-EU | 3 months ago | These two ransomware giants are joining forces to hit more victims across the world | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 3 months ago | GhostSec Evolves With Website Compromise Tools
CERT-EU | 3 months ago | You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam