March 5, 2024 at 08:15AM
Cybercriminals are conducting widespread attacks across the Middle East, Africa, and Asia using the new GhostLocker 2.0 ransomware. Affected organizations include technology companies, universities, manufacturing, transportation, and government organizations. The attackers demand payment for decryption keys and threaten to release stolen data if their demands are not met. Cisco Talos researchers discovered the new malware and cyberattack campaign, which also involves double-extortion ransomware attacks. The attackers have access to a ransomware builder and have developed a deep scan toolset for targeting vulnerable websites. The ransomware encrypts files with the extension .ghost and has a seven-day deadline before stolen data will be leaked. This latest version of GhostLocker uses the GoLang programming language and doubles the encryption key length to 256 bits.
Key points:
– Cybercriminals have deployed an enhanced version of the GhostLocker ransomware in attacks across the Middle East, Africa, and Asia.
– Two ransomware groups, GhostSec and Stormous, have collaborated in double-extortion ransomware attacks using GhostLocker 2.0 against organizations in several countries.
– The targeted sectors include technology companies, universities, manufacturing, transportation, and government organizations.
– The attackers are using tactics to scam victims into paying for decryption keys and threaten to release stolen sensitive data unless they receive payment.
– The ransomware groups have introduced a revised Ransomware-as-a-Service program called STMX_GhostLocker.
– GhostSec is conducting attacks against corporate websites using XSS attacks and has developed a deep scan toolset for potential attackers.
– The latest version of GhostLocker encrypts files using the .ghost extension and has a seven-day deadline for victims to pay before data is leaked.
– Affiliates have access to a control panel to monitor their attacks, and the command-and-control server geolocates to Moscow.
– The latest version of GhostLocker was written in the GoLang programming language and has doubled the encryption key length to 256 bits.