The hacking group GhostSec has been making headlines recently due to a significant uptick in its malicious activities, as revealed by research from Cisco Talos. One of the most alarming developments is the emergence of GhostLocker 2.0, a new strain of ransomware created by the group using the Golang programming language.
Collaborating with the Stormous ransomware group, GhostSec has been carrying out double extortion ransomware attacks targeting businesses and organizations in multiple countries. Moreover, they have also launched a ransomware-as-a-service (RaaS) program called STMX_GhostLocker, offering various options for affiliates to join their nefarious operations.
In a recent advisory, Talos disclosed that GhostSec has added two new tools to their arsenal: the “GhostSec Deep Scan tool” and “GhostPresser.” These tools are believed to have been used in attacks against websites, allowing the group to scan legitimate sites and carry out cross-site scripting attacks.
The joint efforts of GhostSec and Stormous have had a global impact, affecting victims in countries such as Cuba, Argentina, Poland, China, and Israel. Their targets have primarily been in the technology and education sectors, as indicated by information shared in their Telegram channels.
GhostSec, aligning themselves with hacker groups like ThreatSec and Blackforums, are known for their financially motivated cybercriminal activities. They engage in single and double extortion attacks, denial-of-service attacks, and website takedowns to generate funds for hacktivists and other threat actors.
The introduction of GhostLocker 2.0 underscores the group’s evolving tactics in ransomware development, with files encrypted using the “.ghost” extension and updated ransom notes and command-and-control capabilities. This demonstrates a level of sophistication in GhostSec’s operations, showing their ability to adapt and innovate in the cybercrime landscape.
The unveiling of the GhostSec Deep Scan tool and GhostPresser further showcases the group’s advanced techniques in compromising websites. These tools enable them to scan websites thoroughly and execute XSS attacks, expanding their capabilities beyond traditional ransomware tactics.
Overall, the increase in GhostSec’s malicious activities highlights the growing threat posed by cybercriminal groups and the need for organizations to enhance their cybersecurity measures to protect against such attacks. With GhostSec and its collaborators demonstrating a high level of sophistication and adaptability, staying ahead of their tactics is crucial in defending against cyber threats.