Source URL: https://www.cisa.gov/news-events/alerts/2025/02/19/cisa-and-partners-release-advisory-ghost-cring-ransomware
Source: Alerts
Title: CISA and Partners Release Advisory on Ghost (Cring) Ransomware
Feedly Summary: Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released a joint Cybersecurity Advisory, #StopRansomware: Ghost (Cring) Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with Ghost ransomware activity identified through FBI investigations.
Ghost actors conduct widespread attacks, targeting and compromising organizations that run outdated versions of software and firmware on their internet-facing services. These malicious ransomware actors are known to use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) to gain access to internet-facing servers where available patches have not been applied. The known CVEs are CVE-2018-13379, CVE-2010-2861, CVE-2009-3960, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207.
CISA encourages network defenders to review this advisory and apply the recommended mitigations. See #StopRansomware and the #StopRansomware Guide for additional guidance on ransomware protection, detection, and response. Visit CISA’s Cross-Sector Cybersecurity Performance Goals for more information on the CPGs, including added recommended baseline protections.
AI Summary and Description: Yes
Summary: The text details a joint Cybersecurity Advisory released by CISA, FBI, and MS-ISAC regarding Ghost ransomware, emphasizing the significance of updating software to mitigate the vulnerabilities that Ghost actors exploit. This information is particularly relevant for professionals in cybersecurity, especially in risk management and defensive strategies against ransomware.
Detailed Description:
The advisory released today by CISA, in collaboration with the FBI and MS-ISAC, highlights the ongoing threat posed by Ghost ransomware, which predominantly targets organizations utilizing outdated software and firmware. The document provides essential guidance for network defenders on how to identify and respond to these threats.
Key insights from the advisory include:
– **Indicators of Compromise (IOCs)**: The advisory includes specific IOCs that can help identify if an organization has been targeted or compromised by Ghost ransomware.
– **Tactics, Techniques, and Procedures (TTPs)**: The advisory outlines the methods employed by ransomware actors to initiate attacks, providing a clearer understanding of the threat landscape.
– **Vulnerability Exploitation**: Ghost actors take advantage of Common Vulnerabilities and Exposures (CVEs) in unpatched software. They utilize publicly available code to exploit known vulnerabilities including:
  – CVE-2018-13379
  – CVE-2010-2861
  – CVE-2009-3960
  – CVE-2021-34473
  – CVE-2021-34523
  – CVE-2021-31207
– **Mitigation Recommendations**: CISA strongly encourages network defenders to review the advisory and implement the recommended mitigations to bolster their defenses against ransomware attacks.
– **Further Resources**: The advisory references the #StopRansomware initiative and recommends reviewing the Cross-Sector Cybersecurity Performance Goals for comprehensive guidance on establishing baseline cybersecurity measures.
This information is critically important for security practitioners, as it provides direct guidance on defending against ransomware threats, emphasizing the necessity of regular software updates and proactive vulnerability management.