
A joint report from the FBI and CISA has revealed that the Ghost Ransomware group has been targeting businesses running outdated hardware and software. Since 2021, the gang has victimized multiple organizations in over 70 countries, including China.
According to the report from the Multi-State Information Sharing and Analysis Center (MS-ISAC), the ransomware group frequently alters the file extensions of encrypted files and modifies the content of ransom notes. They also change the email addresses used for ransom communication, making it harder to trace their activities and link them to a particular group.
The group's tactics evolve constantly. For instance, they may focus on attacking healthcare organizations one month, then target businesses in the tech, education, and manufacturing sectors the next. Additionally, Ghost Ransomware continuously rebrands itself, complicating efforts to attribute attacks to a specific malware variant. This shifting strategy also makes it challenging for victims to make use of the free decryption keys available online.
Over a four-year period, Ghost Ransomware has been associated with various other malware names, including Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture.
Businesses are urged to adopt a proactive approach to cybersecurity to defend against such threats, regardless of the malware or group responsible. Key recommendations include regular backups, timely patching of operating systems, upgrading firmware and software, implementing network segmentation, and enforcing multi-factor authentication (MFA) to protect against phishing attacks.
IT leaders such as CISOs, CTOs, and CFOs are encouraged to advocate for sufficient IT budgets to ensure their organizations can defend against emerging threats and vulnerabilities effectively.