FBI warns organizations about a dangerous ransomware threat

The FBI and other government agencies have issued a threat alert for the Ghost ransomware attack - Image (c) ConsumerAffairs

The Ghost attacks are believed to be coming from China

In a joint advisory, the FBI, Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center have issued a warning about the Ghost (Cring) ransomware. The advisory urges organizations to take immediate action to mitigate cyber threats. 

Since early 2021, Ghost actors have been exploiting outdated software and firmware vulnerabilities to infiltrate networks across more than 70 countries, the agencies warn. These cybercriminals, believed to be based in China, have targeted a wide range of sectors, including critical infrastructure, healthcare, education, and small to medium-sized businesses. 

The attackers utilize a variety of ransomware payloads, frequently changing file extensions and ransom notes to evade detection and attribution.

Ghost actors exploit several known vulnerabilities, including CVE-2018-13379, CVE-2010-2861, and CVE-2021-34473, among others. These vulnerabilities are often found in widely used systems such as Fortinet FortiOS, Adobe ColdFusion, and Microsoft Exchange. 

By leveraging these weaknesses, the attackers gain initial access to networks, from where they deploy ransomware to encrypt data and demand ransoms.

Mitigation strategies

To combat the threat posed by Ghost ransomware, the advisory outlines several critical actions for organizations:

1. Regular system backups: Maintain backups stored separately from source systems to prevent them from being encrypted during an attack.

2. Patch management: Apply timely security updates to operating systems, software, and firmware to close known vulnerabilities.

3. Network segmentation: Implement network segmentation to restrict lateral movement within the network, limiting the spread of ransomware.

4. Phishing-resistant multi-factor authentication: Require MFA for access to privileged accounts and email services to enhance security.

The advisory emphasizes the importance of proactive measures to reduce the likelihood and impact of ransomware incidents. Organizations are encouraged to visit stopransomware.gov for additional resources and detailed advisories on various ransomware threats. By implementing these recommendations, organizations can strengthen their defenses against the evolving tactics of Ghost actors and other ransomware groups.
