GhostSec, a hacktivist group affiliated with Stormous, has recently released a groundbreaking ransomware program called GhostLocker [1] [2] [4] [5]. This sophisticated ransomware utilizes military-grade encryption algorithms to ensure its undetectability by antivirus software. In addition to encryption, GhostLocker offers a unique service for managing negotiations following successful breaches [4].

Description

GhostLocker, developed by the cybercriminal group GhostSec, is a new type of ransomware that encrypts files and demands payment for decryption [1] [2] [4] [5]. It employs RSA-2048 and AES-12 encryption algorithms [5], making it highly secure. Encrypted files are marked with a “.ghost” extension. Users can manage negotiations by entering their encryption ID and downloading decryptors. The ransom note, titled “lmao.html,” informs victims of the encryption and exfiltration of sensitive data [2] [5]. Failure to contact the attackers within 48 hours results in an increased ransom amount [5].

Renaming files or using third-party recovery tools is strongly discouraged, as it may lead to permanent data loss [5]. Seeking help from third parties or authorities is also discouraged, as it will result in data loss and the release of stolen content [5]. Decrypting the files without the attackers’ involvement is typically impossible [2] [5]. Removing GhostLocker from the operating system prevents further encryption but does not restore the files already encrypted [2] [5]. The only solution is to recover data from a backup stored in a different location [5]. It is recommended to keep backups in multiple locations for data security [5].

GhostLocker is currently in its beta phase and can be purchased on the dark web for $999. Its release highlights the increasing sophistication of ransomware operations and the evolving cyber threat landscape, emphasizing the importance of continuous improvement and innovation in cybersecurity [4].
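The description above names two host-level indicators a defender can act on: files being renamed with the “.ghost” extension and a ransom note called “lmao.html” appearing on disk. The following is an added example, not code from any of the cited sources or from GhostLocker itself, of a detection heuristic over a stream of file-system events. The event format (timestamp, pid, action, path) and the sample events are constructed for the example; the thresholds (20 renames in 60 seconds) are assumptions a deployment would tune. It attributes a burst of “.ghost” renames and the note drop to the process that performed them, which is what separates an encryptor from a user who happens to rename a few files.

```python
"""Heuristic detection of GhostLocker-style encryption activity (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Iterable, Optional

GHOST_EXT = ".ghost"        # extension appended to encrypted files (from the write-up)
RANSOM_NOTE = "lmao.html"   # ransom note filename (from the write-up)


@dataclass(frozen=True)
class FsEvent:
    ts: float     # event time in seconds (constructed, monotonic)
    pid: int      # process that performed the action
    action: str   # "rename" (path is the new name) or "create"
    path: str


@dataclass
class Finding:
    pid: int
    ghost_renames: int = 0
    burst: bool = False            # >= min_renames ".ghost" renames inside window_s
    note_dropped: bool = False     # wrote a file named lmao.html
    first_ghost_ts: Optional[float] = None

    @property
    def verdict(self) -> str:
        if self.burst and self.note_dropped:
            return "high"
        if self.burst or (self.note_dropped and self.ghost_renames):
            return "medium"
        if self.ghost_renames or self.note_dropped:
            return "low"
        return "none"


def detect(events: Iterable[FsEvent], window_s: float = 60.0,
           min_renames: int = 20) -> dict:
    """Return {pid: Finding} for every process that showed at least one indicator."""
    findings: dict = {}
    recent: dict = defaultdict(deque)   # pid -> timestamps of recent .ghost renames
    for ev in sorted(events, key=lambda e: e.ts):
        f = findings.setdefault(ev.pid, Finding(pid=ev.pid))
        name = ev.path.rsplit("/", 1)[-1]
        if ev.action == "rename" and ev.path.endswith(GHOST_EXT):
            f.ghost_renames += 1
            if f.first_ghost_ts is None:
                f.first_ghost_ts = ev.ts
            q = recent[ev.pid]
            q.append(ev.ts)
            # sliding window: drop renames older than window_s, then check the rate
            while q and ev.ts - q[0] > window_s:
                q.popleft()
            if len(q) >= min_renames:
                f.burst = True
        elif ev.action == "create" and name == RANSOM_NOTE:
            f.note_dropped = True
    return {pid: f for pid, f in findings.items() if f.verdict != "none"}


def sample_events() -> list:
    """Constructed event stream: one encryptor-like process, two benign ones."""
    evs = []
    # pid 4321: 25 renames to .ghost within 12 s, then the note is dropped
    for i in range(25):
        evs.append(FsEvent(100.0 + i * 0.5, 4321, "rename",
                           f"/home/alice/docs/report{i}.docx{GHOST_EXT}"))
    evs.append(FsEvent(113.0, 4321, "create", "/home/alice/docs/lmao.html"))
    # pid 777: a user renaming three files by hand over 30 minutes, no note
    for i in range(3):
        evs.append(FsEvent(200.0 + i * 900, 777, "rename", f"/home/bob/old{i}.ghost"))
    # pid 888: an unrelated HTML file being saved
    evs.append(FsEvent(300.0, 888, "create", "/home/bob/Downloads/index.html"))
    return evs


if __name__ == "__main__":
    for pid, f in detect(sample_events()).items():
        print(f"pid={pid} verdict={f.verdict} renames={f.ghost_renames} "
              f"burst={f.burst} note={f.note_dropped} first={f.first_ghost_ts}")
```

The verdict ordering is deliberate: the rename burst alone is the strong signal, because it fires before the note is written and gives a responder a chance to stop the process while most files are still intact; the note on its own only confirms what has already happened. On a real host the events would come from an EDR or auditd-style file monitor rather than the constructed list, and the thresholds should be set against a baseline of normal rename rates.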

Conclusion

SiegedSec, a group known for their aggressive approach to victim security, has targeted various sectors worldwide, including healthcare, IT, insurance, accounting, and finance [3]. In Latin America, SiegedSec has obtained sensitive documents, databases, and user information from organizations in Colombia, with government and healthcare entities being the most affected [3]. The actions of groups like SiegedSec and the release of ransomware like GhostLocker underscore the need for robust cybersecurity measures and constant vigilance in the face of evolving cyber threats. Organizations must prioritize data security, maintain backups in multiple locations [5], and stay updated on the latest advancements in cybersecurity to mitigate the risks posed by such malicious activities.

References

[1] https://www.infosecurity-magazine.com/news/hacker-ghostsec-unveils-new/
[2] https://www.pcrisk.fr/guides-de-suppression/12283-ghostlocker-ransomware
[3] https://www.welivesecurity.com/es/cibercrimen/5-grupos-ransomware-activos-america-latina-2023/
[4] https://cybersecurity-see.com/hacker-group-ghostsec-introduces-next-gen-ransomware-implant/
[5] https://www.pcrisk.pt/guias-de-remocao/12377-ghostlocker-ransomware