- The FBI and CISA have warned about Ghost ransomware operators
- The threat actors hit critical infrastructure, government and other organizations
- They breach networks through unpatched, vulnerable endpoints
Cybercriminal groups using the Ghost ransomware variant have so far successfully breached organizations in more than 70 countries around the world, experts have claimed.
A new joint security advisory recently published by the US Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC) noted that the groups mostly target critical infrastructure organizations but are also interested in healthcare, government, technology, manufacturing and other verticals. The victim organizations can be both large enterprises and small or medium-sized businesses (SMBs).
“From the beginning of 2021, Ghost actors began to attack victims whose internet-facing services ran outdated versions of software and firmware,” the three agencies said in the report. “This arbitrary targeting of networks containing vulnerabilities has led to the compromise of organizations in more than 70 countries, including organizations in China.”
Different names
Because the groups use different names, different file extensions, different ransom notes and more, attribution was relatively difficult, it was further explained. They have apparently used several names, including Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada and Rapture. As encryptors, the researchers observed cring.exe, ghost.exe, elysiumo.exe and locker.exe.
To compromise their victims, the groups went after unpatched endpoints. Most of the time, they targeted known vulnerabilities in Fortinet (CVE-2018-13379), ColdFusion (CVE-2010-2861, CVE-2009-3960) and Exchange (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207).
The best way to defend against Ghost ransomware operators is to keep software and hardware up to date. All the vulnerabilities listed in the report have already been fixed by their respective vendors, so mitigating the risk is as simple as applying the available patches.
In addition to the above, targeted state-sponsored hackers have also used CVE-2018-13379 to breach internet-connected US election support systems, among other targets. This flaw was patched many years ago, with warnings of its abuse issued on several occasions throughout 2019, 2020 and 2021.
Via BleepingComputer