#StopRansomware: Ghost (Cring) Ransomware


The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)—(“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet-facing services ran outdated versions of software and firmware.

This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.

Source: U.S. Federal Bureau of Investigation Cyber Division

