HolyGhost Ransomware

Holy Ghost Ransomware is an organisation operating since June 2021, carrying out small-scale double extortion attacks. Its method consists of stealing information and threatening to expose it on its TOR domain.

According to researchers, the group chooses not to attack large institutions that require time and complex strategies. Instead, it aims to conduct smaller operations in several countries, targeting the financial, educational and industrial sectors.

Holy Ghost encrypts the victim's files and appends the extension “.h0lyenc” to each one, blocking access to the information.

To obtain a financial return on its operations, the group asks for amounts ranging from 1.2 to 5 bitcoins in order to decrypt the victim’s data. It is worth noting that dealing with the group is extremely dangerous and can result in further losses.

During investigations, it was detected that Holy Ghost is North Korean, with no support from the local government, focused only on the income of the hackers involved in the project.

One feature that caught the attention of investigators is that the tools used by the group were created by another group known as PLUTONIUM. This could indicate a possible link between the groups.

It is common for ransomware groups to use different names in their attacks. Holy Ghost is just one of several names for the organization, which is also known as SiennaPurple, H0lyGh0st and DEV-0530.

Recover files encrypted by HolyGhost ransomware

Digital Recovery is able to recover files encrypted by ransomware without negotiating with hackers.

We have been working in the data recovery market for over 23 years, developing unique and innovative technologies that are prominent in the market.

We recognise the damage that file loss can cause to victims, so our team of engineers is ready to tackle each occurrence with agility and efficiency. For most services, we offer a remote solution to prevent further damage.

With Digital Recovery, all information is handled in accordance with the General Data Protection Regulation (GDPR). We have also drawn up our own confidentiality agreement (NDA), which keeps information confidential without risk of exposure.

We have already helped our clients avoid losing millions of dollars to ransom payments. For extreme cases, it is possible to trigger the emergency mode, where our experts will provide exclusive 24×7 service.

Talk to one of our specialists now and receive a real-time diagnosis.
