Cybercriminals have developed an enhanced version of the infamous GhostLocker ransomware that they are deploying in attacks across the Middle East, Africa, and Asia.
Two ransomware groups, GhostSec and Stormous, have joined forces in double-extortion ransomware campaigns that use the new GhostLocker 2.0 to infect organizations in Lebanon, Israel, South Africa, Turkey, Egypt, India, Vietnam, and Thailand, as well as other locations.
Technology companies, universities, manufacturing, transportation, and government organizations are bearing the brunt of attacks, which attempt to scam victims into paying for decryption keys needed to unscramble data that was rendered inaccessible by the file-encrypting malware. The attackers also threaten to release the stolen sensitive data unless the victims pay them hush money, according to researchers at Cisco Talos, who discovered the new malware and cyberattack campaign.
GhostLocker 2.0 encrypts files on the victim’s machine, giving them the file extension .ghost, before dropping and opening a ransom note. Prospective marks are warned that stolen data will be leaked unless they contact the ransomware operators before a seven-day deadline expires.