More than 15 countries around the world, including China, India, and Brazil, are having various industries subjected to joint double extortion attacks by the GhostSec and Stormous ransomware operations, according to The Hacker News.
Organizations in the technology, education, manufacturing, and government sectors were most impacted by the twin attacks, a report from Cisco Talos revealed. Both ransomware operations, which are part of an alliance that also includes the SiegedSec hacking group, also sought to deploy a new GhostLocker ransomware variant with more advanced encryption and decryption, as well as commence the novel STMX_GhostLocker ransomware-as-a-service program. Attackers have also leveraged the GhostSec Deep Scan and GhostPresser tools to facilitate website compromise. "The group themselves has claimed they've used it in attacks on victims, but we don't have any way to validate any of those claims. This tooling would likely be used by the ransomware operators for a variety of reasons," said researchers.
