Cybersecurity NewsExplainedReviews

Ghostlocker is Set to Surpass Lockbit Ransomware. Here is What the Developer Says


Ghostlocker is gradually gaining a lot of attention in the ransomware community. Many who pay attention to Raas will remember when Ghostsec made its announcement about launching its services. Following the start of this new operation, the once-fully hacktivist group became a ransomware gang with a touch of “fighting for the people.”

Cybertechwiz had an interview with two key players in the group: its leader, Sebastian, and a member/developer of the said tool, Astounding. These two individuals gave us an insight into how it worked and what they aimed to achieve.

Let’s start with Astounding

Meet one of Ghostlocker Developers

Astounding is currently the admin of Secretforums and the former admin of Blackforum. He is a “21-year-old developer and privacy freak.” He is one of the founding members of the five families and the former owner of Blacksec. Currently a member of Stormous ransomware and Ghostsec, he refused to comment on his roles in both groups due to Opsec.

Nonetheless, when asked how he feels about ghostsec’s change to ransomware, he gave little insight into what caused the change. The developer said the main motivation for the switch was to fund its growing operations as the price for each attack mounts. In his words, he said, “Activist groups do not make that much money themselves, so to run the activism operations you still need a fair bit of resources, while ransoming payments usually go towards future activism operations or improving the service itself.”

Speaking about other places the proceeds will go, Astounding said earnings from the ransomware as a service will also go to charity and cancer research. These two organizations are also exempt from the list of targets the group may pursue. Any affiliates who attack any NGOs or hospitals will get an immediate account termination. Additionally, the band also reports vulnerabilities to these entities to prevent other threat actors from hacking them.

For this reason, the affiliate recruitment process is tough. The hacker said: “We monitor any activity within our program to ensure that the rules get enforced.” He said that any group with bad records will not make the recruitment cut. Nonetheless, in the event of a rogue partner, the affected entity will get a free-of-charge decryptor, and data will never be leaked.

About V3

There has been several to the Ghostlocker. Currently in its second version (V2), the tool will receive yet another major with the next version. Astounding is working on the V3 for Linux and helps out with the one for Windows. Speaking about the major upgrade, he said “v2 is using a block cypher hopefully in v3 we will be using stream cyphers which will not only give us a better performance but also better security.”

The developer further stated that they are perfecting other features he’ll not disclose for security purposes. Nonetheless, he commented on how fast the encryption will be; 2-4 GB per second.

When asked about issues with law enforcement, Astounding maintained confidence in tight opsec and said there is also zero of the feds finding them. However, he maintained that it is important not to trust others too much as it can land one in jail.

In his final words about the ransomware Ghostsec uses, the hacker said “Hopefully by v3 we can overtake lockbit.”

V3 From Sebastian Lens

Regarding the current version of ghostlocker, the leader of Ghostsec said “V2 I will admit is as good as the other existing RaaS.” Nonetheless, he added that they are working on V3 which will be a huge upgrade from the current version. According to him, it “will definitely set a new standard” and it’s almost ready for testing. However, he failed to offer any insight into its features.

He restated Astounding’s words of vetting affiliate and making sure they do not attack “educational, medical and non-profit organizations or corporations that genuinely have an effect to better the world.” Additionally, he stated that many threat actors are willing to follow these rules. As a result, the number of partners is increasing.