FBI and CISA Warn of Ghost Ransomware: A Threat to Firms Worldwide

A joint advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) reveals the ongoing threat of Ghost ransomware, also known as Cring.

Active since early 2021, this group, operating out of China, has targeted organizations in over 70 countries, impacting critical infrastructure, schools, healthcare, government networks, and businesses of all sizes. Their motive is purely financial gain.

Ghost actors exploit known vulnerabilities in internet-facing services running outdated software and firmware. Their modus operandi involves using publicly available code to exploit known vulnerabilities, such as those in Fortinet FortiOS appliances, Adobe ColdFusion, Microsoft SharePoint, and Microsoft Exchange. Once inside, they deploy ransomware payloads, including Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe, which encrypt files and demand hefty ransoms in cryptocurrency.

While Ghost's ransom notes often threaten to sell stolen data, they typically exfiltrate limited amounts of information, focusing on encrypting systems for ransom.

The advisory provides a list of indicators of compromise (IOCs), including file hashes, ransom email addresses, and tools used by Ghost actors. Organizations should investigate any presence of these IOCs on their networks. Unusual network traffic, such as scans for vulnerable devices, manipulation of administrator accounts, and execution of unfamiliar PowerShell scripts, can also indicate Ghost activity.

The advisory also stresses the importance of basic security measures to defend against Ghost ransomware. One key measure is maintaining regular backups, preferably offline or segmented, to enable system restoration without succumbing to ransom demands. Timely patching of software and firmware is also vital in addressing known vulnerabilities before they can be exploited.

Organizations should implement network segmentation by isolating compromised systems to limit the spread of infections. Strengthening authentication methods is another vital step, with phishing-resistant multifactor authentication (MFA) recommended for all privileged and email accounts.

Cybersecurity training for employees also helps overcome the risks of phishing attacks. Additionally, monitoring PowerShell usage can help detect malicious activity early.

Organizations should also implement allowlisting to restrict the execution of unauthorized applications and scripts, reducing the risk of malware infiltration. Network monitoring is essential for identifying and investigating any abnormal behaviour that could indicate a security breach.

Furthermore, minimizing service exposure by disabling unnecessary ports and restricting access to essential services can significantly reduce vulnerabilities. Lastly, enhancing email security through advanced filtering and anti-spoofing measures helps prevent phishing attempts and other email-based threats.

As Juliette Hudson, CTO of CybaVerse, notes, Ghost is a serious nation-state threat exploiting known CVEs in widely used tech. Organizations must prioritize patching and remediation to prevent attacks. Unlike many ransomware groups relying on social engineering, Ghost exploits vulnerabilities for initial access. This highlights the urgency of timely security updates, as exploitation windows are shrinking. Strong cybersecurity hygiene, vulnerability testing, and security awareness training, especially against AI-driven phishing and deepfakes, are essential to defence.