Ransomware HolyGhost

The Holy Ghost Ransomware is an organization that has been operating since June 2021, carrying out small-scale double extortion attacks. Its method consists of stealing information and threatening to expose it on its TOR domain.

According to the researchers, the group chooses not to attack large institutions that require time and complex strategies. But they aim to conduct smaller operations in several countries, targeting the financial, educational, and industrial sectors.

Holy Ghost encrypts the victim by adding the extension “.h0lyenc” to each infected file, blocking access to the information.

To obtain a financial return on its operations, the group asks for amounts ranging from 1.2 to 5 bitcoins in order to decrypt the victim’s data. It is worth noting that dealing with the group is extremely dangerous and can result in further losses.

Upon investigation, it was detected that Holy Ghost is North Korean, with no support from the local government, focused solely on the own income of the hackers involved in the project.

One feature that caught the attention of investigators is that the tools used by the group were created by another ransomware extension known as PLUTONIUM. This could indicate a possible connection between the groups.

It is common for ransomware groups to use different names in their attacks, Holy Ghost is just one of several names of the organization, it is also known as SiennaPurple, H0lyGh0st and DEV-0530.

Recover files encrypted by HolyGhost ransomware

Digital Recovery is able to recover files encrypted by ransomware without negotiating with hackers.

We have been working in the data recovery market for over 23 years, developing unique and innovative technologies that are prominent in the market.

We recognize the damage that file loss can do to victims, so our team of engineers is ready to tackle each occurrence with agility and efficiency. For most services, we offer a remote solution, preventing further damage.

We have also drawn up our own confidentiality agreement (NDA) that will result in information secrecy without risk of exposure.

We have already helped our clients not to lose millions of dollars by paying the ransom. For extreme cases, you can trigger the emergency mode, where our experts will provide exclusive 24×7 support.

Talk to one of our specialists now and receive a real-time diagnosis.

Digital Recovery helps companies recover data

Check out other posts

Do you need Data Recovery?

Speak directly to an expert now:

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.

Discover the invisible vulnerabilities in your IT – with the 4D Pentest from Digital Recovery