Over the past week, a new ransomware franchise named GhostLocker has emerged.
GhostLocker is a new Ransomware-as-a-Service (RaaS) established by several hacktivist groups led by GhostSec.
Recently, many hacktivist groups have tried to engage in cybercrime activities in order to sustain themselves, and GhostLocker seems to be one of these cases. In fact, some ransomware groups have already migrated to using GhostLocker instead of their original products.
On October 6th, several hacktivist groups, including SiegedSec, GhostSec and The Five Families collective, announced a new Ransomware-as-a-Service named GhostLocker (Figure 2).
The GhostLocker RaaS crew claims to support advanced new techniques and to prioritize effectiveness.
In addition, the operators behind GhostLocker claim it is fully undetected and that they will be responsible for infrastructure and negotiations, something very common with RaaS operators.
Finally, the fee that GhostLocker takes from its affiliates is fairly low, at 15%.
GhostLocker RaaS Affiliation
When observing the threat groups advertising the GhostLocker RaaS, we can see that the groups operating it are GhostSec and SiegedSec – two hacktivist groups that emerged at the beginning of 2022.
Some ransomware groups have already announced that they are going to join this RaaS, such as Stormous (Figure 4).
Given that Stormous is a part of The Five Families collective, it is highly likely that they also helped in the development of GhostLocker and that, as a result, some code overlap between GhostLocker and StormousX might occur.
Hacktivism Engaging With Cybercrime
When looking at the GhostLocker RaaS, many might wonder why a hacktivist group would engage in cybercrime like ransomware.
The answer is fairly simple.
While hacktivists would like to promote their agendas, infrastructure and other tools can be expensive to use, and in order to sustain themselves, they have to engage in cybercrime.
In GhostSec's and SiegedSec's case, there is a chance that, because they are a part of The Five Families collective, which also includes Stormous, a cybercrime group, they have to contribute in a way that sometimes might go against their agendas.