Ransomware Group ‘Ghost’ Wreaks Havoc Across 70+ Countries
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory about the activities of a ransomware group from China dubbed Ghost, which has compromised organizations in over 70 countries over the past four years.
About the Ghost Group
The Ghost group began its activities in early 2021, but attacks have been observed as recently as last month. It seems the attackers regularly change their ransomware payloads, ransom text, the extension for encrypted files, or the email addresses used for ransoms. This has led to the group being referred to under different names over the years, including Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarad, and Rapture.
Methods of Compromise
The group primarily gains access to networks by exploiting known vulnerabilities in web applications, servers, and hardware appliances that are exposed to the internet and haven’t been patched.
Victims
Victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and many small- and medium-sized businesses, the agencies said.
Joint Advisory Issued by FBI and CISA
A joint advisory was issued by the FBI and CISA to warn organizations of the threats posed by the Ghost group.
Conclusion
The Ghost ransomware group has been a significant threat to organizations worldwide, compromising networks and demanding ransom payments. It is essential for organizations to prioritize cybersecurity, patch known vulnerabilities, and implement robust security measures to prevent such attacks.
FAQs
- What is the Ghost ransomware group?
The Ghost group is a ransomware group from China that has compromised organizations in over 70 countries over the past four years.
- How does the group gain access to networks?
The group primarily gains access to networks by exploiting known vulnerabilities in web applications, servers, and hardware appliances that are exposed to the internet and haven’t been patched.
- What types of organizations have been targeted?
Victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and many small- and medium-sized businesses.
- What can organizations do to protect themselves?
Organizations can protect themselves by prioritizing cybersecurity, patching known vulnerabilities, and implementing robust security measures to prevent such attacks.