The FBI has issued a warning about a Chinese ransomware group known as Ghost, which has been targeting critical infrastructure, schools, businesses, and government networks in over 70 countries, Business Insider reports.
The agency, in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), urges organizations to take preventative measures to protect against potential cyberattacks.
Ghost is a ransomware group that has been actively attacking organizations since 2021. The FBI and CISA warn that Ghost has quickly become one of the top ransomware threats, carrying out attacks as recently as January 2024.
According to the advisory, Ghost operates from China and targets a wide range of industries, including:
- Critical infrastructure
- Schools and universities
- Healthcare systems
- Government networks
- Religious institutions
- Technology and manufacturing companies
- Small- and medium-sized businesses
Ghost conducts these attacks for financial gain, demanding ransom payments from victims.
Ransomware is a type of malicious software that encrypts a victim’s files, blocking access until a ransom is paid. Many cybercriminals use phishing emails to trick victims into downloading malware. However, Ghost takes a different approach—exploiting vulnerabilities in outdated software to gain access.
The FBI’s warning highlights that Ghost hackers use publicly available code to attack organizations that have not installed security updates. The attackers gain access by exploiting known software vulnerabilities in public-facing applications.
Once inside a system, Ghost often threatens to sell stolen data if the ransom is not paid. However, the FBI notes that the group does not frequently steal large amounts of sensitive information, such as intellectual property or personal data that could cause significant harm if leaked.
Ransomware attacks have become increasingly common worldwide. One notable recent incident was the February 2024 attack on Change Healthcare, a major payment processing arm of UnitedHealth Group. The breach disrupted pharmacies across the US, delaying prescription processing and highlighting the severe impact of cyberattacks on essential services.
The FBI and CISA urge organizations to take preventative steps to reduce their risk of falling victim to Ghost or similar ransomware groups. Recommended security measures include:
- Keeping software up to date by installing security patches for known vulnerabilities.
- Using phishing-resistant multifactor authentication (MFA) to prevent unauthorized access.
- Regularly backing up important data and storing backups offline.
- Educating employees about cybersecurity threats and how to recognize phishing attempts.
The FBI also advises reporting ransomware attacks to law enforcement. The agency is particularly interested in logs of suspicious activity, including:
- Communication with foreign IP addresses
- Ransom notes and messages from attackers
- Bitcoin wallet information linked to ransom payments
- Decryptor files used in attempted recovery efforts
For more details on ransomware prevention and response, organizations can refer to the FBI’s StopRansomware guide for comprehensive cybersecurity strategies.