Particle.news

FBI and CISA Warn of Escalating Ghost Ransomware Threat Exploiting Unpatched Systems

The ransomware group has targeted organizations in over 70 countries, leveraging known software vulnerabilities to breach critical infrastructure and other sectors.

  • The FBI and CISA issued a joint advisory warning of Ghost ransomware attacks affecting industries such as healthcare, education, government, and critical infrastructure across more than 70 countries.
  • Ghost ransomware operators exploit unpatched vulnerabilities in widely used software, including Fortinet FortiOS, Adobe ColdFusion, Microsoft SharePoint, and Microsoft Exchange (ProxyShell).
  • The group, active since 2021, frequently rotates malware payloads, ransom note formats, and email addresses, complicating attribution and detection.
  • The advisory recommends urgent actions such as maintaining offline backups, patching known vulnerabilities, implementing network segmentation, and enforcing phishing-resistant multi-factor authentication (MFA).
  • Ghost ransomware has been linked to Chinese threat actors and uses tools like Cobalt Strike to move laterally within networks and disable antivirus protections after initial compromise.