Summary: The US cybersecurity agency CISA and the FBI have warned about a Chinese ransomware operation named Ghost that has impacted organizations in over 70 countries since 2021. Known also as Cring, this ransomware targets critical infrastructure, government, and various other sectors for financial gain, utilizing sophisticated methods to complicate tracking and attribution. The advisory details the threat’s tactics, techniques, and the critical vulnerabilities exploited by the attackers.
Affected: Organizations across critical infrastructure, education, government, manufacturing, technology, and religious institutions
Keypoints :
- Ghost ransomware operates for financial gain, targeting a wide range of sectors since 2021.
- It exploits known vulnerabilities, deploys web shells, and performs lateral movement using various tools.
- The ransomware group clears event logs and disables recovery services before holding encrypted data for ransom, demanding cryptocurrency payments.
Source: https://www.securityweek.com/cisa-fbi-warn-of-china-linked-ghost-ransomware-attacks/
Views: 6