
Ghost Army Ransomware

Posted: January 17, 2018

Threat Metric

Threat Level: 8/10
Infected PCs: 12
First Seen: June 27, 2023
OS(es) Affected: Windows

The Ghost Army Ransomware is a file-locking Trojan: a threat that prevents you from opening various forms of media, usually including images and documents. The Ghost Army Ransomware also may drop components with spyware-related capabilities that could collect information such as passwords. Malware researchers advise using any free data-recovery methods that are needed while having your anti-malware products quarantine or remove the Ghost Army Ransomware immediately.

An Army from the Past that Haunts Your Files

The Trojan family that previously styled itself as the 'police,' through variants such as the Mircop Ransomware and the more conservatively-branded Crypt888 Ransomware, is adding another member. The Ghost Army Ransomware is the newest version of this family, which malware experts first caught in 2016, and, like most of its relatives, it uses a combination of encryption and ransom notes to profit from data sabotage. Its distribution method appears to target random individuals with fake software downloads rather than targeted attacks such as e-mail spam.

Some versions of this group of Trojans also generate components that collect password-related information for upload to a threat actor's remote server, although malware researchers can't verify that the Ghost Army Ransomware uses the same techniques. What they can confirm is that the Ghost Army Ransomware uses a 'Lock' string to flag the names of the content that it locks, which it does through a background file-encryption feature. Text documents, pictures, and other commonly-used types of work or recreational media are the usual formats at risk.
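Scoping an infection by the 'Lock' name marker the article reports, as an added Python example that is not part of the original page: the exact placement of the marker in a file name is an assumption (it is matched as a whole, case-sensitive token anywhere in the name), and the sample paths are constructed for illustration.

```python
import ntpath
import os
import re
from collections import Counter

# Constructed sample of paths seen on an affected host; not real incident data.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\report.docx.Lock",
    r"C:\Users\alice\Documents\budget.xlsx.Lock",
    r"C:\Users\alice\Pictures\holiday.jpg.Lock",
    r"C:\Users\alice\Pictures\LockScreen.png",   # near-miss: 'Lock' is not a separate token
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Windows\System32\drivers\etc\hosts",
]

MARKER = "Lock"                      # flag string reported by the article; placement assumed
TOKEN_RE = re.compile(r"[._\-]+")    # separators that delimit name tokens (assumption)


def is_flagged(name: str) -> bool:
    """True when the marker appears as a whole, case-sensitive token in the file name."""
    return MARKER in TOKEN_RE.split(name)


def original_extension(name: str) -> str:
    """Best-effort recovery of the original extension, ignoring the marker token."""
    parts = [p for p in name.split(".") if p != MARKER]
    return parts[-1].lower() if len(parts) > 1 else ""


def scope_report(paths):
    """Summarise flagged files by count, directory and original extension for IR triage."""
    flagged = [p for p in paths if is_flagged(ntpath.basename(p))]
    by_dir = Counter(ntpath.dirname(p) for p in flagged)
    by_ext = Counter(original_extension(ntpath.basename(p)) for p in flagged)
    return {"flagged": len(flagged), "by_directory": dict(by_dir), "by_extension": dict(by_ext)}


def scan_directory(root):
    """Walk a real directory tree and produce the same report for it."""
    paths = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return scope_report(paths)


if __name__ == "__main__":
    print(scope_report(SAMPLE_PATHS))
```

The per-directory and per-extension counts tell a responder how far the encryption got and which data types to prioritise for recovery from backup.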

After it finishes locking everything, the Ghost Army Ransomware replaces the Windows desktop wallpaper with its ransom note, which tells users to contact an e-mail address to repair their files. The people in question, who call themselves 'Team Ghost,' are not a group that malware experts are connecting to any other active threat campaigns, and they may be amateurs.

Sending a Cyber-Army into a Rout

The family from which the Ghost Army Ransomware gets most of its code is small but notable, thanks to its additional information-exfiltration features and its penchant for posing as a police-authorized program. For its campaign, the Ghost Army Ransomware compromises PCs by the simple method of pretending to be a secure VPN (or 'Virtual Private Network') program by the name of 'Hide My Ass.' Users should avoid downloading all software with this name, which is fraudulent and unrelated to any legitimate applications.

The cybercrooks withhold the decryption keys for the encrypted media to force their victims into paying ransoms, such as Bitcoins or vouchers. However, malware experts, besides finding such restoration means unreliable, can also confirm that current no-charge decryption programs are compatible with the Ghost Army Ransomware. Contact an appropriate and reputable member of the anti-malware research industry for any help you need with unlocking your files. Users without backups may want to quarantine the Ghost Army Ransomware with their anti-malware tools instead of deleting it completely, since such samples are useful for future analysis.

The Ghost Army Ransomware may be an 'army' of file invaders, but it's an army that requires an invitation before it attacks. Assuming that random software from no-name companies is legitimate can backfire on anyone without frequently-scheduled and secure backups.
