SOCRadar® Cyber Intelligence Inc. | GhostLocker: A New Generation of Ransomware as a Service (RaaS)


Oct 18, 2023
5 Mins Read

GhostLocker: A New Generation of Ransomware as a Service (RaaS)

In recent times, we have witnessed a sharp uptick in ransomware attacks, a disconcerting trend that has alarmed both cybersecurity experts and organizations alike. This surge can be attributed to the growing frequency of attacks and the increasing number of victims falling prey to ransomware incidents.

The proliferation of ransomware is not solely due to vulnerable victims. Rather, it is being fueled by threat actors who leverage it to amass substantial financial gains, primarily through Ransomware as a Service (RaaS). The RaaS sector has seen explosive growth, making ransomware more accessible and adaptable for malevolent actors.

As this criminal sector grows, many groups and threat actors who want to get a share from it also increase. In addition to traditional ransomware groups, groups working with the RaaS model, hacker groups such as Snatch, which specialize in extortion or, as in our topic today, develop their ransomware, have also emerged.

GhostLocker RaaS: Pay Monthly, Infect Everywhere

Hacker group known as GhostSec has introduced a novel RaaS model named GhostLocker. In their marketing pitch, GhostSec presents GhostLocker as a game-changing, enterprise-grade locking software.

As in their sayings, GhostLocker has undergone meticulous refinement to provide an array of enticing features to its clients. This includes Military-Grade Encryption during runtime and the promise of complete undetectability. Additionally, they offer services to manage negotiations stemming from successful breaches, setting GhostLocker apart from its RaaS competitors.

GhostLocker’s control panel shows the statistics
GhostLocker’s control panel shows the statistics

At present, GhostLocker is being offered at a price of $999 for access to 15 slots during its beta phase, with a post-beta price set at $4,999. It is worth noting that the beta version of GhostLocker hints at potential future threats with undisclosed Tactics, Techniques, and Procedures.

GhostLocker also works as a stealer and the both modules are customizable
GhostLocker also works as a stealer and the both modules are customizable

GhostSec has released a video proof-of-concept, demonstrating how their custom malware can encrypt data and elude detection by antivirus software, including the likes of Malwarebytes. This showcases the growing sophistication of ransomware operations and underscores GhostLocker as a prime example of the evolving landscape of cyber threats.

GhostLocker team announces that the new features are on the way
GhostLocker team announces that the new features are on the way

Features and Enhanced Capabilities of GhostLocker

GhostLocker’s developers has recently introduced several innovative features and improvements that set it apart in the competitive RaaS market. Shared via a Telegram post, these features comprise:

  1. Comprehensive Statistics: Users now have access to detailed statistics to monitor locker launches, build frequency, and lifetime earnings.
  2. Enhanced Builder Features: The builder now enables automatic privilege escalation for potential admin permissions. Users can also choose to remove the background and even enter their own session ID to lead negotiations or leave it to GhostLocker.
  3. User-Controlled Negotiations: Users can take the reins of negotiations through the builder, enabling them to download decryptors by entering the victim’s encryption ID.
  4. A Refreshed User Interface: The user interface has received a complete overhaul, resulting in a more visually appealing design.
  5. Monthly Subscription Option: GhostLocker offers a monthly subscription for those who prefer to pay $269.99 on a monthly basis.

These new features and enhanced capabilities may position GhostLocker as a formidable player in the RaaS arena, offering a wide array of options to its customer base.

A New Era in Ransomware Attacks

Whether GhostLocker will be successful or whether it will turn out to be an inflated balloon will be something we will witness in the coming days. However, Stormous, already part of the same hacktivist collective, has announced that it will use GhostLocker.

Even if GhostLocker is not successful in the RaaS market, it seems obvious that it is a turning point as a model. The fact that it is relatively low-priced, works with very low percentage basis, and is accessible to almost everyone can increase Ransomware attacks to severe levels.

Remaining Informed and Vigilant with SOCRadar

The GhostLocker’s entry into the RaaS arena underscores the increasing sophistication of ransomware operations. As cyber threats continue to evolve, organizations and individuals must remain vigilant and well-informed in their cybersecurity practices. With ransomware attacks becoming more advanced, it is imperative to invest in robust cybersecurity measures, employee training, and up-to-date threat intelligence.

This developing RaaS model serves as a stark reminder of the constant need for proactive cybersecurity measures against these emerging cyber threats. Staying ahead of the game means prioritizing security and adopting state-of-the-art solutions to safeguard your data and infrastructure against malicious actors.

Within the SOCRadar Attack Surface Management module, all assets belonging to your organization can be monitored, entry points for ransomware can be detected, and your attack surface is checked against the techniques used by ransomware groups.

SOCRadar Attack Surface Management/Company Vulnerabilities
SOCRadar Attack Surface Management/Company Vulnerabilities