Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries

Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries

March 6, 2024 at 02:15AM

GhostSec, a cybercrime group, has partnered with Stormous to launch double extortion ransomware attacks on businesses globally. They are part of a coalition called The Five Families, offering a new ransomware-as-a-service (RaaS) program called STMX_GhostLocker. The groups have also introduced a Go-written ransomware called GhostLocker 2.0 and developed hacking tools to compromise legitimate websites.

Key takeaways from the meeting notes:

1. The cybercrime group GhostSec is linked to a Golang variant of a ransomware family called GhostLocker.

2. GhostSec, alongside the Stormous ransomware group, is conducting double extortion ransomware attacks on various business verticals in multiple countries.

3. The group has targeted victims in various countries, impacting business verticals including technology, education, manufacturing, government, transportation, energy, medicolegal, real estate, and telecom.

4. GhostSec is part of a coalition called The Five Families, which includes ThreatSec, Stormous, Blackforums, and SiegedSec.

5. They have launched a ransomware-as-a-service (RaaS) program named STMX_GhostLocker, offering various options for their affiliates.

6. The groups have unleashed an updated version of GhostLocker and started a new RaaS program called STMX_GhostLocker in 2024.

7. GhostLocker 2.0, written in Go, is advertised as effective with speedy encryption/decryption capabilities and comes with a revamped ransom note.

8. The RaaS scheme allows affiliates to track their operations, monitor encryption status, and payments through a web panel, and provides a builder to configure the locker payload according to their preferences.

9. Talos discovered two new tools likely used by GhostSec to compromise legitimate sites: the ‘GhostSec Deep Scan toolset’ and a cross-site scripting (XSS) attack tool called “GhostPresser.”

10. GhostSec’s commitment to evolving its arsenal is demonstrated by the GhostPresser tool, enabling the group to alter site settings, add new plugins and users, and install new themes.

Please feel free to ask if you need further details or have any other questions.

Full Article