Ransomware HolyGhost

Holy Ghost is a ransomware group that has been operating since June 2021, carrying out small-scale double extortion attacks. Its method consists of stealing information and threatening to expose it on its TOR domain.

According to the researchers, the group chooses not to attack large institutions, which require time and complex strategies. Instead, it aims to conduct smaller operations in several countries, targeting the financial, educational, and industrial sectors.

Holy Ghost encrypts the victim's files, adding the extension “.h0lyenc” to each one and blocking access to the information.

To obtain a financial return on its operations, the group asks for amounts ranging from 1.2 to 5 bitcoins in order to decrypt the victim’s data. It is worth noting that dealing with the group is extremely dangerous and can result in further losses.

Investigators determined that Holy Ghost is North Korean, operating with no support from the local government and focused solely on generating income for the hackers involved in the project.

One feature that caught the attention of investigators is that the tools used by the group were created by another group known as PLUTONIUM. This could indicate a possible connection between the groups.

It is common for ransomware groups to use different names in their attacks. Holy Ghost is just one of several names of the organization, which is also known as SiennaPurple, H0lyGh0st and DEV-0530.

Recover files encrypted by HolyGhost ransomware

Digital Recovery is able to recover files encrypted by ransomware without negotiating with hackers.

We have been working in the data recovery market for over 23 years, developing unique and innovative technologies that are prominent in the market.

We recognize the damage that file loss can do to victims, so our team of engineers is ready to tackle each occurrence with agility and efficiency. For most services, we offer a remote solution, preventing further damage.

We have also drawn up our own confidentiality agreement (NDA), which keeps information secret without risk of exposure.

We have already helped our clients avoid losing millions of dollars to ransom payments. For extreme cases, you can trigger the emergency mode, where our experts will provide exclusive 24×7 support.

Talk to one of our specialists now and receive a real-time diagnosis.

