Recent Ghost/Cring ransomware activity prompts alert from FBI, CISA | The Record from Recorded Future News

A ransomware group known as Ghost has been exploiting vulnerabilities in software and firmware as recently as January, according to an alert issued Wednesday by the FBI and Cybersecurity and Infrastructure Security Agency (CISA).

The vulnerabilities include bugs in unpatched Fortinet security appliances; servers running Adobe’s ColdFusion for web applications; and Microsoft Exchange servers still exposed to the ProxyShell attack chain, the alert says.

“This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China,” says the alert, released with the Multi-State Information Sharing and Analysis Center (MS-ISAC).

Since 2021, victims include “critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses,” the alert says.

The group uses common hacking tools such as Cobalt Strike and Mimikatz, and the deployed malware often has filenames like Cring.exe, Ghost.exe, ElysiumO.exe and Locker.exe, the alert says.

The group, which is also known as Cring and operates from China, focuses on internet-facing services with unpatched bugs that users could have mitigated years ago, according to the agencies.

This Cyber News was published on therecord.media. Publication date: Wed, 19 Feb 2025 21:15:30 +0000


