The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a joint Cybersecurity Advisory on Ghost (Cring) ransomware.
The advisory, titled #StopRansomware: Ghost (Cring) Ransomware, provides network defenders with key indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods identified through FBI investigations.
Ghost ransomware actors target firms with outdated software and firmware in their internet-facing services. The advisory warns that these bad actors exploit known vulnerabilities where patches have not been applied to gain unauthorized access.
The identified Common Vulnerabilities and Exposures (CVEs) include:
- CVE-2018-13379
- CVE-2010-2861
- CVE-2009-3960
- CVE-2021-34473
- CVE-2021-34523
- CVE-2021-31207
CISA urges network defenders to review the advisory and implement the recommended mitigations. Additional resources, including the #StopRansomware Guide and CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs), offer further guidance on ransomware protection, detection, and response strategies.
Highlighting a Persistent Reality
Darren Guccione, CEO and Co-Founder of Keeper Security, stressed the urgency for businesses to address vulnerabilities before bad actors exploit them: “The Ghost ransomware campaign highlights the persistent reality that adversaries exploit known vulnerabilities faster than many organizations can patch them. This reinforces the critical need for proactive risk management – security leaders must ensure that software, firmware, and identity systems are continuously updated and hardened against exploitation.”
Guccione added that identity security remains a weak point in ransomware defense, saying that identity security is a persistent weak point in defending against ransomware attacks. “Threat actors are using harvested credentials to escalate privileges and disable defenses. Enterprises should implement a privileged access management solution to enforce multi-factor authentication, a zero-trust framework, and least-privilege access controls to prevent lateral movement.”
Strong password security is also vital, according to Guccione. He advises entities to eliminate weak and reused credentials by enforcing robust password policies: “Organizations should eliminate weak and reused credentials by enforcing robust password policies requiring unique, complex passwords that are at least 16 characters long and stored in an enterprise password manager. Regular audits of privileged accounts and eliminating unused credentials can significantly reduce the risk of exposure.”
A Global Cybersecurity Challenge
The Ghost ransomware campaign is another global threat impacting critical infrastructure, healthcare, government agencies, and small-to-medium businesses (SMBs), and Guccione urges security leaders to take action. “Security leaders must act decisively to reduce their attack surface, invest in zero-trust architectures, and deploy robust endpoint and identity security controls to mitigate ransomware risks before they escalate into business-disrupting incidents.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.