Ghost Ransomware Widespread Attacks on Organizations Internet-Facing Devices

Frank Costa, President, Nexgen Protection Services on Ghost Ransomware: 

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint advisory on Ghost ransomware (also known as Cring).

The advisory, which is primarily aimed at network defenders, provides critical details on Ghost ransomware activities, including:

• Indicators of compromise (IOCs)
• Tactics, techniques, and procedures (TTPs)
• Detection methods

The data used to compile the advisory comes from FBI investigations into Ghost ransomware incidents. It highlights how Ghost actors are launching widespread attacks by targeting organizations that use outdated software and firmware on internet-facing devices. These threat actors often exploit publicly available code linked to Common Vulnerabilities and Exposures (CVEs) to gain access to vulnerable systems.

The advisory urges network defenders to carefully assess the risks and take appropriate measures to mitigate them. CISA also recommends reviewing the advisory and implementing its suggested mitigations. For additional guidance on ransomware protection, detection, and response, refer to the #StopRansomware initiative and the associated guide. More information on CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs), including recommended baseline protections, is available on their website.

Source:
Alger, J. (February 21, 2025). CISA and FBI Issue Warning for Ghost Ransomware Activity. Security Magazine.
Hashtags: #protectionservices #securitystandards #publicsafety #mobilesecurity #securitythreats