
Warning Issued by U.S. Authorities: Ghost Ransomware Exploits Older Security Vulnerabilities (CVEs)

A China-aligned hacking group has launched attacks on essential infrastructure providers in more than 70 nations.

Ghost ransomware actors exploit old vulnerabilities, U.S. officials warn in alert


## Breaking News: Ghost Ransomware Attacks Continue to Target Organisations Worldwide

A China-linked group known as Cring, responsible for the Ghost ransomware, has been causing widespread disruption to organisations across the globe. The ransomware operates by exploiting vulnerabilities in outdated software and firmware, particularly targeting internet-facing services to gain access and compromise systems.

The attackers typically use publicly available code to exploit known Common Vulnerabilities and Exposures (CVEs) where patches have not been applied. CVEs exploited by Ghost include CVE-2018-13379, CVE-2010-2861, CVE-2009-3960, CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. Note, however, that the recent zero-day vulnerability in Grafana, CVE-2025-4123, is not directly linked to Ghost ransomware attacks.

To mitigate the risk of ransomware attacks like Ghost, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) advise organisations to take several security measures. These include regularly updating software and firmware, implementing strong security policies, monitoring for suspicious activity, using backup systems, and educating users on how to avoid phishing and social engineering tactics.

Additionally, security teams are advised to segment networks to restrict lateral movement, disable unused ports to limit exposure, and monitor for unauthorised use of PowerShell. It is also crucial to mandate phishing-resistant multifactor authentication for access to privileged accounts and email service accounts.
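One way to act on the patching advice is to triage vulnerability-scanner output for the CVEs named in this article, putting internet-facing hosts first. The following is an added example, not code from the FBI/CISA alert; the CSV column names and the sample findings are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# CVE identifiers named in this article as exploited in Ghost intrusions.
GHOST_CVES = {
    "CVE-2018-13379", "CVE-2010-2861", "CVE-2009-3960",
    "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-31207",
}

# Constructed sample export; the column names are assumptions, not a real
# scanner's schema. Adapt them to whatever your scanner produces.
SAMPLE_FINDINGS = """\
host,internet_facing,cve,status
vpn-gw-01,yes,CVE-2018-13379,open
mail-01,yes,CVE-2021-34473,open
mail-01,yes,CVE-2021-34523,open
mail-01,yes,CVE-2021-31207,fixed
app-legacy,no,cve-2010-2861,open
grafana-01,yes,CVE-2025-4123,open
files-02,no,CVE-2017-0144,open
"""


def triage(findings_csv):
    """Return [(host, internet_facing, [cves])] for unpatched advisory CVEs,
    internet-facing hosts first, then by number of open CVEs."""
    open_cves = defaultdict(set)
    exposed = {}
    for row in csv.DictReader(io.StringIO(findings_csv)):
        cve = row["cve"].strip().upper()  # scanners differ in casing
        if cve not in GHOST_CVES or row["status"].strip().lower() != "open":
            continue
        host = row["host"].strip()
        open_cves[host].add(cve)
        # A host counts as exposed if any of its findings is internet-facing.
        facing = row["internet_facing"].strip().lower() == "yes"
        exposed[host] = exposed.get(host, False) or facing
    ranked = sorted(open_cves, key=lambda h: (not exposed[h], -len(open_cves[h]), h))
    return [(h, exposed[h], sorted(open_cves[h])) for h in ranked]


if __name__ == "__main__":
    for host, facing, cves in triage(SAMPLE_FINDINGS):
        label = "INTERNET-FACING" if facing else "internal"
        print(f"{host:12} {label:16} {', '.join(cves)}")
```

Findings already marked fixed and CVEs outside the article's list (such as the Grafana one) are left out of the ranking.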

Since 2001, the threat group behind Ghost ransomware, Cring, has targeted a range of critical infrastructure providers including schools, healthcare providers, governments, and manufacturers. The group has also exploited vulnerabilities in Fortinet FortiOS, Adobe ColdFusion, Microsoft SharePoint, and Microsoft Exchange, among others.

Attacks have compromised organisations as recently as January, highlighting the ongoing threat posed by Ghost ransomware. Organisations are urged to take proactive measures to protect their assets and minimise the risk of falling victim to these attacks.

  1. The ongoing Ghost ransomware attacks, perpetrated by the China-linked group Cring, underscore the importance of robust cybersecurity measures in sectors such as healthcare, education, and manufacturing.
  2. In response to the Ghost ransomware, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) advise organisations to implement a multi-layered cybersecurity approach, which includes strengthening software and firmware protections, securing network access, monitoring for suspicious activities, and enforcing awareness programs against phishing and social engineering tactics.
  3. As the Cybersecurity and Infrastructure Security Agency (CISA) recommends, it is essential for organisations to remain vigilant about known Common Vulnerabilities and Exposures (CVEs) in their systems, as a range of threat actors, including those behind Ghost ransomware, often exploit such CVEs for malicious purposes.
