Emerging Threat Actor GD LockerSec Launches New RansomHub-Lookalike Site, Claims AWS

• GD LockerSec, a new threat actor in the ransomware landscape, announced four confirmed victims on its leak website.
• Moreover, the site contains a high-profile claim, as the group reportedly accessed Amazon AWS data.
• The resemblance to the leak site of the notorious RansomHub Ransomware gang may suggest potential ties to the group.

A new ransomware leak site attributed to the emerging actor GD LockerSec has surfaced, appearing to emulate the design of the infamous RansomHub platform but with a distinct visual style reminiscent of FunkSec’s neon-heavy aesthetics. 

The GD LockerSec group is already making headlines due to the gang’s bold claims and alleged swift activity, including Amazon AWS.

Currently, GD LockerSec has listed four new victim organizations across various industries. While exact victim details are still under investigation, early indications suggest a targeted approach mirroring other modern ransomware operators. 

What’s particularly shocking is GD LockerSec's claim of possessing sensitive content allegedly tied to Amazon Web Services (AWS). The January 22 post alleges the threat group stole 9GB of data.

If substantiated, this AWS claim could signify a highly impactful breach that would elevate the group’s profile and pose significant repercussions for the cybersecurity community at large.

The leak site’s design raises questions about its origins and potential ties to other ransomware groups. Its overall structure closely resembles that of RansomHub, pointing to the possibility of borrowed frameworks or direct inspiration. 

However, the addition of a visually striking neon-heavy theme—a hallmark of FunkSec—suggests that GD LockerSec is looking to establish its own unique identity in the ransomware ecosystem while benefiting from familiar operational tactics.

RansomHub appeared in February 2024 and has since surpassed LockBit as the leading Ransomware as a Service (Raas) model.