TechRadar
Sead Fadilpašić

These two ransomware giants are joining forces to hit more victims across the world

Two major ransomware groups, GhostSec and Stormous, have joined forces and conducted several double extortion attacks.

A report from cybersecurity researchers Cisco Talos revealed the partnership appears to have started in October 2023, when GhostSec announced a new ransomware-as-a-service (RaaS) framework on Telegram, called GhostLocker.

By that time, GhostSec had already collaborated successfully with Stormous (namely, on an attack against Cuban ministries in July 2023), and Stormous then announced it would adopt GhostLocker in addition to its StormousX program.

Surge in activity

Since then, the researchers claim GhostSec and Stormous have pulled off a number of double extortion ransomware attacks, targeting victims in different industries and various countries around the world. 

GhostSec mostly targets corporate websites, including a national railway operator in Indonesia, and a major energy company in Canada. Cisco Talos observed victims in Cuba, Argentina, Poland, China, Lebanon, Israel, Uzbekistan, India, South Africa, Brazil, Morocco, Qatar, Turkiye, Egypt, Vietnam, Thailand and Indonesia.

Israel’s industrial systems, critical infrastructure and technology companies, as well as government organizations (Ministry of Defense), seem to be frequently targeted.

The two also rebuilt their new official blog on the TOR network, offering affiliate programs for adjacent hacking collectives. The blog dashboard shows the count of victims and disclosures of victims’ information with links to the leaked data, the researchers said. Their largest ransom demand (which does not necessarily mean it was also the largest payment received) was listed at $500,000.

Since teaming up with Stormous, GhostSec’s activities have surged, Cisco Talos concluded.

Year after year, ransomware operators are getting bigger, bolder, and more destructive. Some of the biggest cybersecurity incidents of the past decade included ransomware groups such as LockBit, BlackCat (ALPHV), and Cl0p.
