CISA has raised alarms about the Ghost ransomware gang, operational for at least four years and exploiting vulnerable internet-facing services worldwide. The advisory noted that since early 2021, the gang has attacked various entities including critical infrastructure, educational institutions, healthcare systems, and small businesses in over 70 nations. Despite being thought to originate in China, the group employs diverse tactics that complicate attribution. Cybersecurity investigations reveal the group often rotates ransomware payloads and exploits specific CVEs in public-facing applications, making them an effective cybersecurity threat.
CISA has issued a warning regarding the Ghost ransomware gang, which has attacked vulnerable internet-facing services globally for over four years.
Affected victims of Ghost ransomware include critical infrastructure, schools, healthcare, government networks, and many small- to medium-sized businesses across 70 countries.
Collection
[
|
...
]