Ghostrider

Threat Actor updated 15 hours ago (2024-10-17T13:03:34.055Z)

Download STIX

Preview STIX

Ghostrider, also known as a threat actor, is an online alias used by Vasiliev, who has been associated with multiple cyberattacks between 2021 and 2023. Other aliases utilized by Vasiliev include "Free," "Digitalocean90," "Digitalocean99," "Digitalwaters99," and "Newwave110." The primary tool of disruption in these attacks was the deployment of LockBit, a form of ransomware, against at least 12 victims, which included businesses located in New Jersey, Michigan, the United Kingdom, and Switzerland. During this period, Vasiliev's actions resulted in significant financial damages to the victims. In total, his cyberattacks caused approximately $500,000 in damages. The victims ranged from schools to businesses, reflecting the broad range of targets that Ghostrider was willing to exploit for malicious purposes. In parallel, another threat actor named Astamirov, operating under the alias "BETTERPAY," extorted a total of $1.9 million from 12 victims. As a result of legal proceedings, Astamirov agreed to forfeit $350,000 in seized cryptocurrency. This series of events underscores the significant financial risks posed by threat actors like Ghostrider and BETTERPAY, as well as the importance of robust cybersecurity measures and law enforcement efforts to counteract such threats.

Description last updated: 2024-10-17T12:50:30.604Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Vasiliev is a possible alias for Ghostrider. Mikhail Vasiliev, a dual Russian-Canadian national known by various online aliases such as "Ghostrider," was a key threat actor involved in the global LockBit ransomware campaign. Alongside fellow members like Ruslan Magomedovich Astamirov, and others including Sungatov, Kondratyev, and Mikhail Pavl	3
Newwave110 is a possible alias for Ghostrider.	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Lockbit Malware is associated with Ghostrider. LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operat	Unspecified	2

Source Document References

Information about the Ghostrider Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Flashpoint	3 months ago	COURT DOC: Two Foreign Nationals Plead Guilty to Participation in LockBit Ransomware Group
DARKReading	3 months ago	Two Foreign Nationals Plead Guilty to Participating in LockBit Ransomware Group
Securityaffairs	3 months ago	Russian nationals plead guilty to participating in the LockBit ransomware group