- FBI and CISA have warned about ghost ransomware operators
- Threat actors are reaching the critical infrastructure, the government and other organizations
- They are violating nets through vulnerable and blunt end points
The cybercriminal groups that use the ghost ransomware variant have successfully violated organizations in more than 70 countries around the world, they have affirmed.
A new joint security notice, recently published by the United States Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Information Analysis and Information Analysis Center of multi-states (MS-ISAC) indicated that the Groups are mainly directed to critical infrastructure organizations, but are also interested in medical care, government, technology, manufacturing and other vertical. Victims organizations can be large companies and small or medium enterprises (SMB).
“At the beginning of 2021, Ghost actors began attacking victims whose internet -oriented services had obsolete versions of software and firmware,” said the three agencies in the report. “This indiscriminate orientation of networks that contain vulnerabilities has led to the commitment of organizations in more than 70 countries, including organizations in China.”
Different names
Since the groups use different names, different archives extensions, different rescue notes and more, the attribution was relatively difficult, more was explained. Apparently, they used multiple names, including ghost, grade, Crypt3r, Ghost, Strike, Hello, Wickrme, Hsharada and Rapto. For encryptadores, the researchers observed Cring.exe, Ghost.exe, Elysiumo.exe and Locker.exe.
To compromise their victims, the groups were for final points without blinking. Most of the time, they were pointing to Fortinet (CVE-2018-13379), Coldfusion (CVE-2010-2861, CVE-2009-3960) and Interlejue (CVE-2021-34473, CVE-2021-34523, CVE-2011 -31207) Failures.
The best way to defend against ghost ransomware is to keep their software and hardware updated. All vulnerabilities listed in the report have already been set by their respective suppliers, so mitigating risk is as easy as applying a patch.
In addition to the defects mentioned above, the computer pirates sponsored by the State were also aimed at CVE-2018-13379 A, among other things, violate US electoral support systems connected to the Internet. This error was paveled years ago, with Fortinet warn about its abuse on numerous occasions throughout 2019, 2020 and 2021.
Through Bleepingcomputer
