Skip to content
Ransomware group

HolyGhost

HolyGhost is a ransomware strain that has been linked to North Korean threat actors.

Profile source: Mallory opens in a new tab

HolyGhost

Family profile

HolyGhost is a ransomware strain that has been linked to North Korean threat actors. In the provided content, it is referenced as one of several ransomware families previously associated with North Korean operators, alongside PLAY, Maui, and Qilin. The content does not provide specific technical details on HolyGhost’s capabilities, infection vectors, targeted platforms, victimology, or indicators of compromise. The only high-confidence attribution stated is its prior linkage to North Korean threat actors.

Ransomware.live

Operational record

View group record ↗

Reported operators

Threat actors

1 named in public reporting
Lazarus

North Korean threat actors have previously been linked to other ransomware strains such as HolyGhost, PLAY, Maui, Qilin...

Reporting

Research mentioning HolyGhost

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.