Hacker Group GhostSec Unveils New Generation Ransomware Implant

Written by

Dark web watchdog SOCRadar has revealed that GhostSec, a self-described "vigilante" group that has recently turned to financially motivated cyber activity, has released a novel type of ransomware, called GhostLocker.

GhostSec presents GhostLocker as a game-changing locking software that includes military-grade encryption during runtime and the promise of complete undetectability.

Additionally, they offer services to manage negotiations stemming from successful breaches, which allows users to take the reins of negotiations through the builder, enabling them to download decryptors by entering the victim’s encryption ID. This sets GhostLocker apart from its competitors in the ransomware-as-a-service (RaaS) marketplace.

GhostLocker Can Allegedly Bypass Antivirus Detection

Some of the other features revealed by GhostSec on a Telegram post include:

  • A refreshed user interface: The user interface has received a complete overhaul, resulting in a more visually appealing design.
  • Comprehensive statistics: Users now have access to detailed statistics to monitor locker launches, build frequency, and lifetime earnings.
  • Enhanced builder features: The builder enables automatic privilege escalation for potential admin permissions. Users can also choose to remove the background and even enter their own session ID to lead negotiations or leave it to GhostLocker.

GhostSec has also released a video demonstrating how their custom malware can encrypt data and elude detection by antivirus software, including the likes of Malwarebytes.

“This showcases the growing sophistication of ransomware operations and underscores GhostLocker as a prime example of the evolving landscape of cyber threats,” wrote SOCRadar in a blog post published on October 18, 2023.

GhostLocker is being offered in the dark web for $999 for access to 15 slots during its beta phase, with a post-beta price set at $4999.

Stormous, another hacking group with close ties to GhostSec, has already announced that it will use GhostLocker.

Who is GhostSec?

Ghost Security, or GhostSec (also known as the GhostSecMafia or GSM), was initially a hacktivist group associated with the international network hacktivists Anonymous.

It gained its reputation within the Anonymous collective by participating in a hacking campaign targeting ISIS after the Charlie Hebdo shooting in Paris in January 2015.

Ghostsec has also carried out numerous attacks on the Russian government, notably against the Gysinoozerskaya Hydro-Power Plant on July 20, 2022.

The group recently shifted from hacktivism to financially motivated activity, distributing ransomware payloads. 

Read more: Healthcare Sector Warned About New Ransomware Group NoEscape

What’s hot on Infosecurity Magazine?