HomeRisk ManagementsGhostLocker 2.0 causing havoc for businesses in Middle East, Africa, and Asia...

GhostLocker 2.0 causing havoc for businesses in Middle East, Africa, and Asia – Source: www.darkreading.com

Published on

spot_img

Cybercriminals across the Middle East, Africa, and Asia have unleashed a new and improved version of the notorious GhostLocker ransomware, causing havoc for organizations in various sectors such as technology, universities, manufacturing, transportation, and government entities. This upgraded ransomware, known as GhostLocker 2.0, is the result of a collaboration between two prominent ransomware groups, GhostSec and Stormous, who have joined forces to execute double-extortion ransomware attacks in countries like Lebanon, Israel, South Africa, Turkey, Egypt, India, Vietnam, and Thailand.

The primary aim of these cyberattacks is to trick victims into paying for decryption keys that can unlock their encrypted data, as well as extorting money from them by threatening to release sensitive information if payment is not made. Researchers from Cisco Talos have uncovered this new malware strain and the cyberattack campaign, shedding light on the malicious activities of these cybercriminals targeting organizations in vulnerable regions.

Both the GhostLocker and Stormous groups have introduced a revised ransomware-as-a-service (RaaS) program, called STMX_GhostLocker, which offers various options for their affiliates to carry out attacks. The groups have publicized their data theft activities on Telegram channels and the Stormous ransomware data-leak site, indicating a brazen approach to their criminal endeavors.

In a technical blog post by Cisco Talos, it was revealed that GhostSec is specifically targeting Israel’s industrial systems, critical infrastructure, and technology companies, with the Israeli Ministry of Defense being among the affected organizations. Despite speculations about political motivations, the primary drive behind these attacks appears to be financial gain rather than acts of sabotage.

Moreover, the Stormous gang has incorporated the GhostLocker ransomware program into its existing operations following a successful joint campaign against Cuban ministries in the past year. The GhostSec group has also expanded its scope to include attacks on corporate websites, such as a national railway operator in Indonesia and a Canadian energy supplier, utilizing tools like GhostPresser and XSS attacks to breach vulnerable sites.

Additionally, the cybercriminals behind GhostLocker 2.0 have designed a sophisticated ransomware infrastructure with a control panel that enables affiliates to track their attacks and monitor progress. Affiliates who comply with ransom demands gain access to a ransomware builder that allows customization of encryption settings, including targeting specific file types like .doc and .xls documents for encryption and exfiltration.

Notably, GhostLocker 2.0 has been upgraded to utilize the GoLang programming language, enhancing its capabilities with a doubled encryption key length of 256 bits compared to its predecessor. This technical evolution reflects the continuous development and adaptability of cybercriminal tactics to evade detection and maximize profits from their illicit activities.

In the face of escalating cyber threats from ransomware groups like GhostSec and Stormous, organizations and individuals are urged to strengthen their cybersecurity defenses, remain vigilant against phishing attempts, and regularly update their systems to mitigate the risk of falling victim to ransomware attacks. As the battle against cybercriminals intensifies, collaboration between cybersecurity experts, law enforcement agencies, and governments is essential to combatting this growing menace in the digital landscape.

Source link

Latest articles

New NadMesh Botnet Exploits Over 20 RCE Vectors to Compromise AI and MCP Infrastructure

NadMesh: A New Era of Industrial-Grade Botnets NadMesh has emerged as a significant threat in...

AI Bug-Finding Tools Require Human Validation

The Role of AI in Offensive Security: Balancing Speed with Human Insight In an evolving...

AWS Billing Bug Shows Trillion-Dollar Cost Estimates to Cloud Customers

Amazon Web Services Faces Major Billing Anomaly in Cost Explorer Tool Amazon Web Services (AWS)...

Scammers Exploit FaceTime for Social Engineering Tactics

Apple Warns Users About Social Engineering Scams Targeting FaceTime Apple Inc. has made a significant...

More like this

New NadMesh Botnet Exploits Over 20 RCE Vectors to Compromise AI and MCP Infrastructure

NadMesh: A New Era of Industrial-Grade Botnets NadMesh has emerged as a significant threat in...

AI Bug-Finding Tools Require Human Validation

The Role of AI in Offensive Security: Balancing Speed with Human Insight In an evolving...

AWS Billing Bug Shows Trillion-Dollar Cost Estimates to Cloud Customers

Amazon Web Services Faces Major Billing Anomaly in Cost Explorer Tool Amazon Web Services (AWS)...