FBI warns of Chinese hacker group named ‘Ghost’: See full details and how to protect yourself
Ghost has been indiscriminately attacking organizations in more than 70 countries since 2021.
The US Federal Bureau of Investigation (FBI) has now warned of a new ransomware hacker group from China called "Ghost."

Ghost has been indiscriminately attacking organizations in more than 70 countries since 2021, the FBI wrote in a security advisory issued with the Cybersecurity and Infrastructure Security Agency (CISA).
The warning also states that Ghost is now one of the top ransomware groups in the world.
Ransomware is a type of malware that lets hackers encrypt a victim's data and keep it locked until the victim pays a ransom. Sometimes, these “victims” can even be companies or government agencies.
"Ghost actors, located in China, conduct these widespread attacks for financial gain," the advisory read. "Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses."
Ghost began attacking victims whose internet-facing services ran outdated versions of software and firmware, the advisory read.
Though most ransomware hackers use phishing methods, such as sending fake messages to victims, Ghost uses publicly available code to exploit common vulnerabilities in software.
Names associated with the group include Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture.
Meanwhile, samples of the ransomware files Ghost used during attacks include Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe.
“Ghost actors use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) and gain access to internet facing servers,” according to the advisory. “Ghost actors exploit well known vulnerabilities and target networks where available patches have not been applied.”
Steps recommended to protect against Ghost cyberattacks
The FBI and CISA recommend maintaining regular system backups that are stored separately from the source systems and cannot be altered or encrypted by potentially compromised network devices.
Another recommendation is to patch known vulnerabilities by applying timely security updates to operating systems, software, and firmware within a risk-informed timeframe.
Use phishing-resistant Multi-Factor Authentication (MFA) for accessing all important accounts and email service accounts.
Restrict lateral movement from initially infected devices to other devices in the same organization by segmenting networks.