Summary: The FBI and CISA have issued an alert regarding the Ghost ransomware group, which has been exploiting software and firmware vulnerabilities since January, affecting organizations across over 70 countries. Known for its indiscriminate targeting of poorly patched systems, the group has compromised various sectors including healthcare, education, and critical infrastructure. Their tactics include rapid deployment of ransomware and the use of common hacking tools, with ransom demands reaching hundreds of thousands of dollars.
Affected: Organizations across various sectors globally
Keypoints :
- Ghost ransomware group exploits unpatched vulnerabilities in software and firmware.
- Victims include critical infrastructure, schools, healthcare, and government networks.
- The group operates quickly, deploying ransomware often within the same day after initial compromise.
- Common tools used include Cobalt Strike and Mimikatz, with malware named like Cring.exe and Ghost.exe.
- Financial gain is the primary motive, with ransom demands sometimes in six figures.
Source: https://therecord.media/ghost-cring-ransomware-activity-fbi-cisa-alert
Views: 9