The FBI, in collaboration with CISA and MS-ISAC, has issued a cybersecurity advisory warning of widespread attacks by the Ghost (Cring) ransomware group, which has compromised organizations across more than 70 countries.
The threat actors, based in China, have targeted critical infrastructure, government agencies, educational institutions, healthcare facilities, and businesses of various sizes.
According to the FBI's findings, the ransomware group has been active since early 2021, exploiting outdated software and known vulnerabilities to gain access to victim networks. Among the vulnerabilities leveraged are CVE-2018-13379 (Fortinet FortiOS), CVE-2010-2861 (Adobe ColdFusion), and CVE-2021-34473 (Microsoft Exchange ProxyShell attack chain).
Once inside, the attackers deploy ransomware payloads such as Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe, encrypting victim files and demanding ransom payments ranging from tens to hundreds of thousands of dollars in cryptocurrency.
The advisory highlights that Ghost actors operate swiftly, often moving from initial compromise to ransomware deployment within a single day. While their ransom notes claim that exfiltrated data will be sold if demands are not met, the FBI has observed only limited data theft, typically under a few hundred gigabytes. Despite their aggressive tactics, the group tends to abandon attacks if confronted with well-secured networks that prevent lateral movement.
To mitigate the risk of Ghost ransomware attacks, the FBI and CISA recommend organizations implement the following security measures:
- Maintain offline or segmented backups to prevent data loss.
- Apply timely security updates to known vulnerabilities.
- Restrict lateral movement within networks through segmentation.
- Require phishing-resistant multi-factor authentication (MFA) for privileged accounts.
- Implement email security filters and authentication protocols to block phishing attempts.
- Monitor for unauthorized PowerShell use and abnormal network traffic.
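As an added defender-side illustration of the last bullet (example code, not from the advisory or from the FBI/CISA), the Python below triages constructed Windows process-creation (Event ID 4688) records for the payload file names the advisory lists, for PowerShell launched by accounts outside a hypothetical allowlist, and for encoded PowerShell command lines. The pipe-delimited record format, the `CORP\...` account names and the allowlist are assumptions.

```python
import re

# Payload file names listed in the advisory summary above.
GHOST_PAYLOADS = {"cring.exe", "ghost.exe", "elysiumo.exe", "locker.exe"}

# Hypothetical allowlist of accounts expected to launch PowerShell; tailor per environment.
POWERSHELL_ALLOWED_ACCOUNTS = {"CORP\\it-admin", "CORP\\svc-automation"}

# Matches -e / -ec / -enc / -EncodedCommand followed by a base64-looking blob (20+ chars).
ENCODED_CMD = re.compile(r"(?i)(^|\s)-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")

# Constructed, simplified Event ID 4688 records as pipe-delimited key=value fields.
SAMPLE_LOG = [
    "EventID=4688|SubjectUserName=CORP\\it-admin|NewProcessName=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|CommandLine=powershell.exe Get-Service",
    "EventID=4688|SubjectUserName=CORP\\jdoe|NewProcessName=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|CommandLine=powershell.exe -nop -w hidden -enc QQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEA",
    "EventID=4688|SubjectUserName=CORP\\jdoe|NewProcessName=C:\\Users\\Public\\Cring.exe|CommandLine=Cring.exe",
    "EventID=4688|SubjectUserName=CORP\\jdoe|NewProcessName=C:\\Windows\\System32\\notepad.exe|CommandLine=notepad.exe",
]


def parse_event(line):
    """Split one constructed record into a dict of field name -> value."""
    return dict(field.split("=", 1) for field in line.split("|"))


def triage_event(event):
    """Return a list of findings for one process-creation event (empty if nothing hit)."""
    findings = []
    user = event.get("SubjectUserName", "")
    image = event.get("NewProcessName", "").rsplit("\\", 1)[-1].lower()
    command = event.get("CommandLine", "")
    if image in GHOST_PAYLOADS:
        findings.append(f"known Ghost payload name: {image}")
    if image in ("powershell.exe", "pwsh.exe"):
        if user not in POWERSHELL_ALLOWED_ACCOUNTS:
            findings.append(f"PowerShell launched by non-allowlisted account {user}")
        if ENCODED_CMD.search(command):
            findings.append("encoded PowerShell command line")
    return findings


def scan_log(lines):
    """Triage every record; return {record_index: findings} for records that hit."""
    hits = {}
    for index, line in enumerate(lines):
        findings = triage_event(parse_event(line))
        if findings:
            hits[index] = findings
    return hits
```

Real deployments would read 4688 (and PowerShell 4104 script-block) events from the event log or a SIEM rather than a list of strings; the triage logic stays the same.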
The FBI urges affected organizations to report ransomware incidents and avoid paying ransom, as payments do not guarantee data recovery and may encourage further attacks. Organizations can report incidents to the FBI's Internet Crime Complaint Center (IC3) or CISA's 24/7 Operations Center.