
These two ransomware giants are joining forces to hit more victims across the world



Two major ransomware groups, GhostSec and Stormous, have joined forces and conducted several double extortion attacks.

A report from cybersecurity researchers at Cisco Talos revealed that the partnership appears to have started in October 2023, when GhostSec announced a new ransomware-as-a-service (RaaS) framework, called GhostLocker, on Telegram.

By that time, GhostSec had already collaborated successfully with Stormous (namely, in an attack against Cuban ministries in July 2023), so Stormous then announced it would adopt GhostLocker, in addition to its StormousX program.

Surge in activity

Since then, the researchers claim GhostSec and Stormous have pulled off a number of double extortion ransomware attacks, targeting victims in different industries and various countries around the world. 

GhostSec mostly targets corporate websites, including a national railway operator in Indonesia, and a major energy company in Canada. Cisco Talos observed victims in Cuba, Argentina, Poland, China, Lebanon, Israel, Uzbekistan, India, South Africa, Brazil, Morocco, Qatar, Turkiye, Egypt, Vietnam, Thailand and Indonesia.

Israel’s industrial systems, critical infrastructure and technology companies, as well as government organizations (Ministry of Defense), seem to be frequently targeted.

The two also rebuilt their new official blog on the Tor network, offering affiliate programs for adjacent hacking collectives. Their blog dashboard shows the count of victims and disclosures of victims’ information with a link to their leaked data, the researchers said. Their largest ransom demand (which does not necessarily mean it was also the largest payment received) was listed at $500,000.

Since teaming up with Stormous, GhostSec’s activities have surged, Cisco Talos concluded.

Year after year, ransomware operators are getting bigger, bolder, and more destructive. Some of the biggest cybersecurity incidents of the past decade included ransomware groups such as LockBit, BlackCat (ALPHV), and Cl0p.
