2025-02-23 02:40:31 Pacfic
CISA Issues Advisory on Ghost (Cring) Ransomware Threat - 10h
A joint cybersecurity advisory was recently issued by CISA, the FBI, and MS-ISAC, warning organizations about the persistent threat of Ghost (Cring) ransomware. This sophisticated cyber threat has been actively targeting critical infrastructure, businesses, and government entities worldwide. The advisory, part of the #StopRansomware campaign, details attack methods, technical information, and mitigation strategies needed to defend against this dangerous ransomware strain. The Ghost ransomware crew has been observed exploiting known vulnerabilities and stolen credentials to infiltrate networks, encrypt data, and demand ransom payments.
The cybersecurity agencies recommend implementing Zero Trust architectures, patching vulnerabilities, and strengthening identity security to defend against this escalating threat. The rapid attack lifecycle, sometimes achieving full encryption within a day, is a key concern. Attackers often exploit public-facing applications by targeting vulnerabilities in Fortinet FortiOS, Adobe ColdFusion, Microsoft Exchange, and Microsoft SharePoint. Once inside, the actors deploy Cobalt Strike Beacon malware, steal credentials, disable defenses, and spread the ransomware across the network. Organizations are urged to follow the mitigation recommendations provided in CISA Alert AA25-050A.
ImgSrc: www.tenable.com
References:
- SecureWorld News - Ghost Ransomware a Persistent Global Threat to Critical Infrastructure - 1d
- Tenable Blog - Cybersecurity Snapshot: Ghost Ransomware Group Targets Known Vulns, CISA Warns, While Report Finds Many Cyber Pros Want To Switch Jobs - 1d
- AboutDFIR ? The Definitive Compendium Project - Ghost ransomware crew continues to haunt IT depts with scarily bad infosec - 11h
- Resources-2 - Ghost (Cring) Ransomware Analysis, Simulation, and Mitigation - CISA Alert AA25-050A - 11h
- socprime.com - Ghost (Cring) Ransomware Detection: The FBI, CISA, and Partners Warn of Increasing China-Backed Group’s Attacks for Financial Gain - 4h
Classification:
- HashTags: Ransomware Cybersecurity CISA
- Company: CISA
- Target: Organizations worldwide
- Attacker: Ghost
- Feature: Ransomware
- Type: Ransomware
- Severity: Major