GhostLocker Ransomware Will Encrypt Victims' Files


GhostLocker is a ransomware program created by the cybercriminal group GhostSec. Ransomware is malware designed to encrypt data and demand payment for its decryption.

In our testing environment, GhostLocker encrypted files and added a ".ghost" extension to their names. For instance, an original file named "1.jpg" would transform into "1.jpg.ghost," while "2.png" would become "2.png.ghost," and this pattern was applied to all affected files.

Once encryption was complete, a ransom note, typically titled "lmao.html," was dropped. Note that the name of the HTML document might vary.

GhostLocker's message informs the victim that their files have been encrypted using the RSA-2048 and AES-128 cryptographic algorithms, and that sensitive data has been taken.

To decrypt the files, a ransom must be paid. The victim is granted a 48-hour window to contact the attackers, and failing to meet this deadline will result in an increased ransom amount. Refusal to comply with the cyber criminals' demands will lead to data destruction.

The note cautions against renaming the encrypted files or utilizing third-party recovery tools, as doing so may cause permanent data loss. The victim is also warned that seeking assistance from third parties or authorities will result in data loss and the exposure of stolen content.

GhostLocker Ransom Note Attempts to Sound Clever

The full text of the ransom note generated inside the "lmao.html" file reads as follows:

GhostLocker
We run s**t because we can

ALL YOUR IMPORTANT FILES ARE STOLEN AND ENCRYPTED
YOUR PERSONAL ENCRYPTION ID: - (SAVE THIS)

All your important files have been stolen and encrypted with RSA-2048 and AES-128 military grade ciphers. That means that no matter how much you were to try, the only way to get your files back is working with us and following our demands.

You have 48 hours (2 days) to contact us. If you do not make an effort to contact us within that time-frame, the ransom amount will increase.

If you do not pay the ransom, your files will be destroyed forever.

You can contact us on the following

Attention
DO NOT pay the ransom to anyone else than the top contact information mentioned up there.
DO NOT rename the encrypted files
DO NOT try to decrypt your data using third party software, it may cause permanent data loss
Any involvement of law enforcement/data recovery teams/third party security vendors will lead to permanent loss of data and a public data release immediately
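
A triage example for the indicators described above, added here and not part of the original article: it sweeps a directory tree for files carrying the appended ".ghost" extension and identifies the ransom note by its content rather than its file name, since the name may vary. The marker phrases are taken from the note quoted above; the size limit, function names and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".ghost"   # extension this page reports
NOTE_MARKERS = ("GhostLocker", "YOUR PERSONAL ENCRYPTION ID")  # phrases from the quoted note
NOTE_MAX_BYTES = 256 * 1024   # assumption: a ransom note is a small HTML file

def is_ransom_note(path):
    """Match on content, not file name, because the note's name may vary."""
    if not path.lower().endswith((".html", ".htm")):
        return False
    try:
        if os.path.getsize(path) > NOTE_MAX_BYTES:
            return False
        with open(path, encoding="utf-8", errors="ignore") as fh:
            text = fh.read()
    except OSError:
        return False  # unreadable file: skip rather than abort the sweep
    return all(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Walk root; return encrypted files (with original names) and ransom notes."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            original, ext = os.path.splitext(name)
            # "1.jpg" becomes "1.jpg.ghost": the original name precedes the suffix
            if ext.lower() == ENCRYPTED_SUFFIX and original:
                encrypted.append((full, original))
            elif is_ransom_note(full):
                notes.append(full)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes)}

def build_sample_tree():
    """Constructed sample data only: placeholder files in a temp directory."""
    root = tempfile.mkdtemp(prefix="ghost_triage_")
    os.mkdir(os.path.join(root, "docs"))
    note = "<h1>GhostLocker</h1><p>YOUR PERSONAL ENCRYPTION ID: - (SAVE THIS)</p>"
    samples = {"1.jpg.ghost": "", "2.png.ghost": "", "docs/report.docx.ghost": "",
               "docs/untouched.txt": "", "lmao.html": note, "docs/renamed.html": note,
               "news.html": "<p>Article about GhostLocker</p>"}
    for rel, body in samples.items():
        with open(os.path.join(root, *rel.split("/")), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    print(triage(build_sample_tree()))
```

Requiring every marker phrase keeps a saved news page that merely mentions GhostLocker out of the results, and the recovered original names give a quick inventory of what needs restoring from backup.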

How Can Ransomware Infiltrate Your System?

Ransomware can infiltrate your system through various methods, and understanding these entry points is crucial for preventing such attacks. Here are some common ways in which ransomware can gain access to your system:

  • Phishing Emails: The most common method is through phishing emails. You may receive an email that appears to be from a legitimate source, but it contains malicious attachments or links. Opening these attachments or clicking on these links can trigger the download and execution of ransomware on your computer.
  • Malicious Websites: Visiting malicious or compromised websites can expose your system to ransomware. These websites may exploit vulnerabilities in your web browser or plugins to download and execute the ransomware.
  • Malvertising: Online ads can be used to distribute ransomware. Cybercriminals may place malicious ads on legitimate websites, and if you click on them, you could inadvertently download ransomware.
  • Drive-By Downloads: Some websites are designed to automatically download files to your computer without your consent. These drive-by downloads can install ransomware if your system is not properly protected.
  • Software Vulnerabilities: Outdated or unpatched software can have security vulnerabilities that ransomware can exploit. It's crucial to keep your operating system, applications, and security software up to date.
  • Remote Desktop Protocol (RDP) Attacks: Cybercriminals can exploit weak or default RDP credentials to gain access to your computer remotely. Once inside, they can deploy ransomware.
  • Malicious Attachments: Ransomware can be delivered through malicious email attachments, such as infected Microsoft Office documents or executable files. These attachments may exploit software vulnerabilities or trick you into running them.
October 13, 2023