Ghost ransomware has hit firms in over 70 countries, FBI and CISA warn

News
By published

Ransomware groups were often changing names and encryptors

data recovery
(Image credit: Shutterstock)
  • FBI and CISA have warned about Ghost ransomware operators
  • The threat actors are hitting critical infrastructure, government, and other organizations
  • They are breaching networks through unpatched, vulnerable endpoints

Cybercriminal groups using the Ghost ransomware variant have so far successfully breached organizations in more than 70 countries around the world, experts have claimed.

A new joint security advisory, recently published by the US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) noted the groups are mostly targeting critical infrastructure organizations, but are also interested in healthcare, government, technology, manufacturing, and other verticals. The victim organizations can be both large enterprises and small- or medium-sized businesses (SMB).

"Beginning early 2021, Ghost actors began attacking victims whose internet-facing services ran outdated versions of software and firmware," the three agencies said in the report. "This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China."

Different names

Since the groups use different names, different file extensions, different ransom notes, and more, attribution was relatively difficult, it was further explained. Apparently, they used multiple names, including Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture. For encryptors, the researchers observed Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe.

To compromise their victims, the groups went for unpatched endpoints. Most of the time, they were targeting Fortinet (CVE-2018-13379), ColdFusion (CVE-2010-2861, CVE-2009-3960), and Exchange (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) flaws.

The best way to defend against Ghost ransomware operators is to keep your software and hardware up to date. All of the vulnerabilities listed in the report have already been fixed by their respective vendors, so mitigating the risk is as easy as applying a patch.

Besides the above-mentioned flaws, state-sponsored hackers were also targeting CVE-2018-13379 to, among other things, breach internet-connected US election support systems. This bug was patched years ago, with Fortinet warning about its abuse on numerous occasions throughout 2019, 2020, and 2021.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Code Skull
US government warns Medusa ransomware has hit hundreds of critical infrastructure targets
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
More reports claim 2024 was the worst year for ransomware attacks yet
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
ransomware avast
“Every organization is vulnerable” - ransomware dominates security threats in 2024, so how can your business stay safe?
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
59 organizations reportedly victim to breaches caused by Cleo software bug
Lock on Laptop Screen
Clop ransomware lists Cleo cyberattack victims
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Teams
Microsoft Teams is finally adding a tiny but crucial feature I honestly can't believe it never had
Apple Watch Ultra 2 move data
Apple is reportedly planning a huge future Apple Watch upgrade to turn it into an AI device with onboard cameras
Apple watch pair with iphone
The Apple Watch SE 3 is apparently in 'serious jeopardy', and the news isn't much better for the Ultra 3 or Series 11
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
More about security
Hacker silhouette working on a laptop with North Korean flag on the background

North Korea unveils new military unit targeting AI attacks

Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)

This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Sky Glass Gen 2

It's a Glass act: the next generation of Sky Glass TV is now at Currys
See more latest
Most Popular
Sky Glass Gen 2
It's a Glass act: the next generation of Sky Glass TV is now at Currys
Teams
Microsoft Teams is finally adding a tiny but crucial feature I honestly can't believe it never had
Apple Watch Ultra 2 move data
Apple is reportedly planning a huge future Apple Watch upgrade to turn it into an AI device with onboard cameras
Apple watch pair with iphone
The Apple Watch SE 3 is apparently in 'serious jeopardy', and the news isn't much better for the Ultra 3 or Series 11
ClinkCaim laptop
Laptop prototype with detachable AI webcam (but without a normal touchpad) wins award at the 'Oscars' of the design industry
Compal Infinite Laptop
This laptop has a horizontal rollable display that extends to 18 inches, and I can't wait to try it
Silicon Motion MonTian 128TB SSD
More 128TB SSDs on the way, but they won't be cheaper: Key maker of NAND flash controllers says 128TB SSDs are shipping
Toshiba HDD Innovation Lab
How to make hard drives faster? Simple, just bunch dozens of them together, Toshiba says
Asus Ascent GX10
Asus debuts its own mini AI supercomputer: Ascent GX10 costs $2999 and comes with Nvidia's GB10 Grace Blackwell Superchip
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025