The hacking group GhostSec has seen a major increase in its malicious activities over the past year, according to analysis carried out by Cisco Talos.
This surge includes the emergence of GhostLocker 2.0, a new ransomware variant the group developed in the Golang programming language.
GhostSec, in collaboration with the Stormous ransomware group, has been conducting double extortion ransomware attacks across multiple countries and business sectors. In addition, they have launched a ransomware-as-a-service (RaaS) program called STMX_GhostLocker, offering various options for affiliates.
In an advisory published today, Talos said it also uncovered two new tools in GhostSec’s arsenal: the “GhostSec Deep Scan software” and “GhostPresser,” both likely used in attacks against websites. These tools enable the scanning of legitimate websites and the execution of cross-site scripting (XSS) attacks, respectively.
The joint operations of GhostSec and Stormous have affected victims globally, including in Cuba, Argentina, Poland, China and Israel, among others. The groups have targeted various industries, primarily technology and education, as evidenced by disclosures made in their Telegram channels.
GhostSec, which claims affiliation with modern-day hacker groups like ThreatSec and Blackforums, primarily focuses on financially motivated cybercriminal activities. They conduct single and double extortion attacks, denial-of-service (DoS) attacks and website takedowns, aiming to raise funds for hacktivists and other threat actors.
According to Cisco Talos, the introduction of GhostLocker 2.0 demonstrates the group’s evolving tactics in ransomware development. This variant encrypts files using the extension “.ghost” and features updated ransom notes and command-and-control (C2) panel capabilities.
Moreover, the discovery of the GhostSec Deep Scan software and GhostPresser underscores the group’s sophistication in compromising legitimate websites. These tools facilitate website scanning and XSS attacks, expanding the group’s capabilities beyond traditional ransomware operations.