GhostSec & Stormous Launched Twin Ransomware Attacks


The hacking group GhostSec has released a new ransomware variant known as GhostLocker 2.0.

This group, in collaboration with the Stormous ransomware operators, has initiated double extortion ransomware attacks targeting various businesses globally.

The joint efforts of GhostSec and Stormous have led to the creation of a new ransomware-as-a-service program named STMX_GhostLocker, offering diverse options for their affiliates.

The collaborative operation affected victims across various business verticals, according to disclosures made by the groups in their Telegram channels. (Source: Cisco Talos)

Global Impact of Ransomware Attacks

The victimology of these attacks spans multiple countries, including Cuba, Argentina, Poland, China, and many others.

These cybercriminal activities have affected victims in different business sectors, as disclosed by the groups in their Telegram channels.

Talos’ observation in GhostSec’s Telegram channels highlighted the group’s continued attacks on Israel’s industrial systems, critical infrastructure, and technology companies. (Source: Cisco Talos)

Notably, GhostSec has been actively targeting Israel’s industrial systems and critical infrastructure, with reported attacks on organizations like the Ministry of Defense in Israel.

Talos discovered that the GhostSec and Stormous gangs were collaborating on several double extortion attacks using the GhostLocker and StormousX ransomware.

Evolution of GhostLocker Ransomware

GhostSec introduced an upgraded version of their ransomware called GhostLocker 2.0, showcasing continuous development efforts with plans for further iterations like GhostLocker V3.

Stmx_GhostLocker member affiliate working model.

The ransom note strategy has evolved to include instructions for victims…