Security News

Cybersecurity news aggregator

MEDIUM Vulnerabilities SC Media

New GhostLock tool abuses Windows API to block file access

  • What: GhostLock tool exploits Windows API to lock files
  • Impact: Could disrupt file access for users and applications

Threat Intelligence
May 12, 2026
By SC Staff

A security researcher has developed a proof-of-concept tool called GhostLock that exploits a legitimate Windows file API to prevent access to local and network-shared files. This technique, demonstrated by Kim Dvash, leverages the CreateFileW API to lock files, causing disruption for other users and applications, according to Bleeping Computer.

The GhostLock tool abuses the dwShareMode parameter within the Windows CreateFileW API. By setting this parameter to zero, a process can gain exclusive access to a file, blocking any other attempts to open it. This results in a "STATUS_SHARING_VIOLATION" error for other users or applications. The researcher has made a tool available on GitHub that automates this by recursively opening numerous files on SMB shares. Standard domain users can execute this tool without elevated privileges.

While not a destructive attack like ransomware, GhostLock can cause significant operational downtime. It could also serve as a diversion tactic during cyber intrusions, overwhelming IT staff while attackers pursue other malicious activities such as data theft or lateral movement.

Many security products are not designed to detect this method, as it involves legitimate file open requests rather than mass encryption or writes. Detection relies on monitoring per-session open-file counts at the file server layer, a metric not typically found in standard Windows event logs or EDR telemetry.

Source: Bleeping Computer
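The per-session open-file count described above can be sampled on the file server itself. The following is an added example, not code from the article or from the researcher's tool; it assumes it is run as an administrator on the Windows SMB file server, and the threshold, growth limit and sample interval are assumed values to be replaced with figures from your own baseline.

```powershell
# Added example, not from the article. Run as an administrator on the SMB file server.
# Threshold, GrowthLimit and SampleSeconds are assumed values; set them from your own baseline.
param(
    [int]$Threshold     = 500,   # open files per session considered abnormal (assumed)
    [int]$GrowthLimit   = 200,   # new opens per sample interval considered abnormal (assumed)
    [int]$SampleSeconds = 30
)

function Get-OpenFileCountBySession {
    # Get-SmbOpenFile (SmbShare module) lists every file currently held open through SMB.
    # Group the handles by the SMB session that owns them and keep one summary row each.
    $result = @{}
    Get-SmbOpenFile | Group-Object -Property SessionId | ForEach-Object {
        $first = $_.Group[0]
        $result[$_.Name] = [pscustomobject]@{
            SessionId      = $_.Name
            ClientUserName = $first.ClientUserName
            ClientComputer = $first.ClientComputerName
            OpenFiles      = $_.Count
            ExamplePath    = $first.Path
        }
    }
    return $result
}

# Two snapshots: a high absolute count or a fast rise between samples both stand out.
$before = Get-OpenFileCountBySession
Start-Sleep -Seconds $SampleSeconds
$after  = Get-OpenFileCountBySession

$after.Values | ForEach-Object {
    $previous = if ($before.ContainsKey($_.SessionId)) { $before[$_.SessionId].OpenFiles } else { 0 }
    $_ | Add-Member -NotePropertyName Growth -NotePropertyValue ($_.OpenFiles - $previous) -PassThru
} | Where-Object { $_.OpenFiles -ge $Threshold -or $_.Growth -ge $GrowthLimit } |
    Sort-Object -Property OpenFiles -Descending |
    Format-Table SessionId, ClientUserName, ClientComputer, OpenFiles, Growth, ExamplePath -AutoSize
```

Close-SmbOpenFile and Close-SmbSession are the built-in cmdlets for releasing the handles of a session this flags.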
