A recent joint report from the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) has shed light on the Ghost Ransomware group’s targeting of businesses that use outdated hardware and software. Since the year 2021, this cybercriminal gang has been responsible for numerous attacks on organizations in more than 70 countries, including China.
The report, as per the Multi-State Information Sharing and Analysis Center (MS-ISAC), highlights the modus operandi of the ransomware group, which involves changing file extensions of encrypted files, altering the content of ransom notes, and frequently switching email addresses for ransom communication. These tactics are employed to make it difficult to track their activities and attribute them to a specific group.
The Ghost Ransomware group’s strategies are in a state of constant evolution. They may target healthcare organizations one month and switch to businesses in the technology, education, and manufacturing sectors the next. Moreover, the group consistently rebrands itself, making it challenging to link attacks to a specific malware variant and hindering efforts to access free decryption keys available online.
Over the course of four years, Ghost Ransomware has been associated with various other malware names, such as Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture. Businesses are advised to take a proactive stance on cybersecurity to defend against such threats, irrespective of the malware or group behind them. Recommendations include maintaining regular backups, promptly updating operating systems, upgrading firmware and software, establishing network segmentation, and implementing multi-factor authentication (MFA) to ward off phishing attacks.
Information technology (IT) leaders like Chief Information Security Officers (CISOs), Chief Technology Officers (CTOs), and Chief Financial Officers (CFOs) are urged to advocate for adequate IT budgets to ensure their organizations can effectively combat emerging threats and vulnerabilities.
In conclusion, the Ghost Ransomware group’s sophisticated tactics underscore the importance of robust cybersecurity measures for businesses across various sectors. By staying vigilant and adopting best practices in cybersecurity, organizations can fortify their defenses against evolving cyber threats and mitigate the risk of falling victim to ransomware attacks.