Ghost Ransomware Continues To Infect Critical Infrastructure, Feds Warn

The FBI and US Cybersecurity and Infrastructure Security Agency have issued a joint advisory warning organizations about the Ghost ransomware, which has been claiming victims and scoring payments. The ransomware has infected critical infrastructure and entities in every sector of the economy, with victims in over 70 countries, including China. Ghost first appeared in 2021 and has been observed scoring ransoms as recently as January. The group behind Ghost has been identified by various names, including Cring, Crypt3r, and Phantom, due to their tactics of rotating ransomware payloads and modifying ransom notes. Despite the variable attribution, the group's tactics remain consistent, targeting unpatched systems to exploit known vulnerabilities. The advisory emphasizes that patching known vulnerabilities and taking basic infosec actions can help keep the crooks at bay. The Ghost group's ability to adapt and change their tactics has made it challenging to track them. The FBI and US Cybersecurity and Infrastructure Security Agency are urging organizations to take action to protect themselves from this threat. By taking proactive measures, organizations can reduce the risk of falling victim to Ghost ransomware. The advisory serves as a reminder of the importance of prioritizing cybersecurity and staying vigilant against evolving threats.