‘Ghost’ Ransomware Attacks 70+ Countries

'Ghost' Ransomware

Operators of the ‘Ghost’ ransomware have compromised organizations in more than 70 countries. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) said that victims span critical infrastructure, healthcare, government, education, technology, manufacturing, and small and medium-sized businesses.


CISA, the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC) said in a joint advisory on Wednesday that since early 2021, ‘Ghost’ operators have been indiscriminately attacking internet-facing services that run outdated, unpatched software and firmware.

This indiscriminate targeting of vulnerable networks has compromised organizations around the world, including organizations in China. ‘Ghost’ operators frequently rotate the malware executables, the extensions appended to encrypted files, the ransom-note text and the contact email addresses, which makes attributing a given incident to the group harder. The group is also tracked as ‘Cring’, ‘Crypt3r’, ‘Phantom’, ‘Strike’, ‘Hello’, ‘Wickrme’, ‘HsHarada’ and ‘Rapture’.
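Because the group rotates file extensions, note filenames and contact addresses, indicator matching on those strings is unreliable. The following is an added example (not code from the CISA/FBI advisory or from any named vendor) of a behavioural triage instead: it flags files whose contents are near-random (high Shannon entropy) whatever their extension, and flags small text files that reappear in many directories, which is how ransom notes are dropped. The directory tree, file names, note text and thresholds are all constructed assumptions for the demonstration.

```python
"""Content-based triage for Ghost-style encryption (added example).

Flags (1) files whose bytes look encrypted, judged by Shannon entropy rather
than by extension, and (2) small text files duplicated across directories,
the usual ransom-note drop pattern. Thresholds are assumptions, not values
from the advisory. Compressed or media files (zip, jpeg, mp4) are also
high-entropy, so treat hits as a triage list, not a verdict.
"""
import math
import os
import random
import tempfile
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.5   # bits/byte; assumption: documents and source sit well below this
NOTE_MAX_BYTES = 4096     # assumption: ransom notes are short text files
NOTE_MIN_DIRS = 3         # assumption: the same note dropped in >= 3 directories
SAMPLE_BYTES = 65536      # only the first 64 KiB of each file is measured


def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte (0.0 for empty input, max 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_textual(data: bytes) -> bool:
    """True if the bytes decode as UTF-8 and are almost entirely printable."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    printable = sum(ch.isprintable() or ch in "\r\n\t" for ch in text)
    return printable >= 0.95 * max(len(text), 1)


def scan_tree(root: str):
    """Walk root; return (sorted encrypted-looking paths, sorted note filenames)."""
    encrypted = []
    dirs_by_name = defaultdict(set)  # small text filename -> directories holding it
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable files are skipped, not treated as evidence
            if len(data) <= NOTE_MAX_BYTES and looks_textual(data):
                dirs_by_name[name].add(dirpath)
            elif shannon_entropy(data) >= ENTROPY_THRESHOLD:
                encrypted.append(path)
    notes = [n for n, d in dirs_by_name.items() if len(d) >= NOTE_MIN_DIRS]
    return sorted(encrypted), sorted(notes)


def build_fixture() -> str:
    """Create a constructed sample share (an assumption, not captured data)."""
    root = tempfile.mkdtemp(prefix="ghost_demo_")
    rng = random.Random(1234)  # seeded so the tree is reproducible
    note = b"Your files have been encrypted. Write to the address below.\n"
    for sub in ("finance", "hr", "shared"):
        d = os.path.join(root, sub)
        os.makedirs(d)
        # The appended extension differs per directory, as the operators vary it.
        ext = rng.choice([".Ghost", ".Cring", ".ab12"])
        with open(os.path.join(d, "q3-report" + ext), "wb") as fh:
            fh.write(rng.randbytes(8192))  # stand-in for ciphertext
        with open(os.path.join(d, "Hello.txt"), "wb") as fh:  # note in every dir
            fh.write(note)
    # Benign material: a large plaintext file and a small text file in one dir only.
    with open(os.path.join(root, "shared", "policy.txt"), "wb") as fh:
        fh.write(b"All employees must lock their screens when away. " * 120)
    with open(os.path.join(root, "shared", "README.txt"), "wb") as fh:
        fh.write(b"Layout of the shared drive.\n")
    return root


if __name__ == "__main__":
    root = build_fixture()
    encrypted, notes = scan_tree(root)
    print("encrypted-looking files:")
    for p in encrypted:
        print("  ", os.path.relpath(p, root))
    print("candidate ransom notes:", notes)
```

On a real share the hit list should be cross-checked against file type (a .zip or .jpg is expected to be high-entropy) and against modification timestamps clustered in a short window, which is the other signature of mass encryption. Known duplicated text files such as README or .gitignore will also match the note heuristic and should be allow-listed.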

The financially motivated group uses publicly available exploit code against known server vulnerabilities. Its main targets are unpatched Fortinet FortiOS SSL VPN appliances (CVE-2018-13379), Adobe ColdFusion servers (CVE-2010-2861, CVE-2009-3960) and Microsoft Exchange servers (the ProxyShell chain: CVE-2021-34473, CVE-2021-34523, CVE-2021-31207).

To reduce exposure to ‘Ghost’ ransomware, CISA and the FBI recommend keeping regular backups stored separately from the systems they protect, so that a compromised host cannot reach and encrypt them, and fixing known flaws in operating systems, software and firmware promptly.

In particular, the flaws the group exploits (CVE-2018-13379, CVE-2010-2861, CVE-2009-3960, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) should be located in the asset inventory and patched first. Networks should be segmented so that ransomware on an infected device cannot spread to other devices. Phishing-resistant multi-factor authentication (MFA) should be enabled for all privileged accounts and for email services. ‘Ghost’ ransomware was first identified in early 2021 by Amigo_A and Swisscom’s CSIRT team.