Ghost Ransomware Continues To Infect Critical Infrastructure, Feds Warn

Mirnotoriety shares a report from The Register: The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities and some basic infosec actions, according to a joint advisory issued Wednesday by the FBI and US Cybersecurity and Infrastructure Security Agency. The Feds warned orgs to beware of this spectral menace, which is known to have infected critical infrastructure and entities in every sector of a typical economy, and which has been observed scoring ransoms as recently as January. It is said to have racked up victims in more than 70 countries, including some in its China homeland.

Ghost first appeared in 2021, and according to the Feds, the gang will 'rotate their ransomware executable payloads, switch file extensions for encrypted files, modify ransom note text, and use numerous ransom email addresses, which has led to variable attribution of this group over time.' The Chinese group has therefore been identified as Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture over time. The group's favored tactics, however, remain consistent: It targets unpatched systems to exploit known vulnerabilities that allow it to infect targets.

Read more of this story at Slashdot.