Summary: Yesterday, CISA—in partnership with the FBI and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released a joint Cybersecurity Advisory, #StopRansomware: Ghost (Cring) Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with Ghost ransomware activity identified through FBI investigations.
Analyst Note: These threat actors primarily conduct these attacks by targeting organizations with outdated versions of software and firmware on their internet-facing services. This highlights the importance of keeping systems updated with the latest versions. Members are encouraged to review the advisory for recommended actions and guidance pertaining to Ghost (Cring) ransomware actors. Actions to take today to mitigate cyber threats related to Ghost Ransomware activity include: maintaining regular system backups, patching known vulnerabilities, and segmenting networks to restrict lateral movement.
Original Source: https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-050a
Mitigation Recommendations:
Related WaterISAC PIRs: 6, 7, 10, 12
