GhostSec and Stormous teamed up to launch a ransomware attack

March 7, 2024

A new type of cyber threat has recently appeared in the cybercriminal landscape as hacking groups GhostSec and Stormous have joined forces to unleash a devastating wave of ransomware attacks worldwide.

This malicious collaboration has produced a new ransomware variant called GhostLocker 2.0, raising concern among numerous businesses globally.

The GhostSec and Stormous tandem has already inflicted damage on multiple nations on different continents.

According to investigations, the joint effort of GhostSec and Stormous has caused a massive compromise across different industries as they created a malicious program called STMX_GhostLocker. Moreover, this new program could offer their cybercriminal affiliates various options to exploit.

However, the concerning part of the operation is that businesses in multiple countries such as Cuba, Argentina, Poland, and China have already fallen victim to these attacks, affecting a wide array of industries.

GhostSec has been targeting critical infrastructure in Israel, including the Ministry of Defense. These groups have executed double extortion ransomware campaigns using sophisticated malware strains, such as GhostLocker and StormousX, leaving victims vulnerable to more exploits.

The evolution of GhostLocker ransomware has been quick, with GhostSec distributing upgraded versions and planning future variants. Victims now receive ransom notes prompting them to secure their encryption ID and engage in negotiations to prevent data leaks.

In addition to ransomware, GhostSec has been employing tools like the “GhostSec Deep Scan tool” and “GhostPresser” to compromise websites. The Deep Scan tool enables them to comprehensively scan targeted websites for vulnerabilities, while GhostPresser focuses on exploiting WordPress sites through XSS attacks, highlighting the group’s advanced capabilities and sophistication.

Furthermore, Stormous and GhostSec have launched the STMX_GhostLocker program on the TOR network, providing services for affiliates to join and disclose victim data. The program offers various services, including options for individuals looking to sell or publish data. A blog dashboard features victim counts and revealed information, with ransom amounts reported to reach up to USD 500,000.

These ransomware attacks and collaborations showcase the growing threat various cybercriminals pose worldwide. Therefore, businesses must remain vigilant and employ competent cybersecurity measures to protect themselves from malicious activities.
