What you need to know about the 'Ghost' cyberattacks and why the FBI is concerned
The FBI has issued a warning about a Chinese ransomware group called Ghost.
Ghost has attacked critical infrastructure, schools, and businesses in over 70 countries.
The FBI advises using security updates and multifactor authentication to prevent ransomware attacks.
The FBI is warning about a new ransomware hacker group called "Ghost."
The FBI published a security advisory with the Cybersecurity and Infrastructure Agency that said the group began indiscriminately attacking organizations in more than 70 countries starting in 2021. The warning from the FBI and the CISA says Ghost is now one of the top ransomware groups, targeting organizations all over the world as recently as January.
"Ghost actors, located in China, conduct these widespread attacks for financial gain," the report says. "Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses."
Ransomware is a type of malware that lets bad actors encrypt a victim's data until they pay a ransom. Ransomware attacks have become more common in recent years, sometimes targeting large companies or government infrastructure.
A ransomware attack in February 2024 against Chain Healthcare, the payment arm of healthcare giant UnitedHealth Group, briefly crippled the pharmacy industry after it caused a major backlog in filling customer subscriptions.
Most ransomware hackers use phishing methods, sending fake messages to victims in the hope that they'll click a link and install malware on their devices.
The hackers in the Ghost group, however, use publicly available code to exploit common vulnerabilities in organizations' software that have not been removed by updated patches, the FBI says.
"The FBI has observed Ghost actors obtaining initial access to networks by exploiting public-facing applications that are associated with multiple Common Vulnerabilities and Exposures," the warning says.
The FBI said in the warning that Ghost attackers usually claim that they will sell the victim's stolen data if they do not pay a ransom. However, the agency said they "do not frequently exfiltrate a significant amount of information or files, such as intellectual property or personally identifiable information that would cause significant harm to victims if leaked."
The FBI recommends consulting its StopRansomware guide for comprehensive information on how companies can guard against ransomware attacks.
Some tips for fighting against common ransomware tactics are to maintain regular system backups of sensitive information, patch known system vulnerabilities with security updates and use phishing-resistant multifactor authentication for company email accounts.
The FBI recommends reporting any ransomware attacks to the agency. In the security advisory, the FBI said it is particularly interested in "any information that can be shared, including logs showing communication to and from foreign IP addresses, a sample ransom note, communications with threat actors, Bitcoin wallet information, and/or decryptor files."
Read the original article on Business Insider
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
an hour ago
Boulder Jewish Festival proceeds with enhanced security and focus on healing after attack
BOULDER, Colo. -- The group that was attacked last weekend in Boulder, Colorado, while calling for Hamas to release Israeli hostages will be a central focus of the Boulder Jewish Festival, which kicks off Sunday morning in the same location where the firebombing took place. Organizers of the festival, which is in its 30th year, said they have reimagined the cultural celebration to focus on community healing after a man who yelled 'Free Palestine' threw Molotov cocktails at Run for Their Lives demonstrators, according to law enforcement officials. Authorities have said 15 people and a dog were victims of the attack. Not all were physically injured, and some are considered victims for the legal case because they were in the area and could potentially have been hurt. Run for Their Lives, a global grassroots initiative with 230 chapters, started in October 2023 after Hamas militants from the Gaza Strip stormed into Israel, killing 1,200 people and taking 250 others hostage. Sunday's festival at the downtown Pearl Street pedestrian mall will center the group's cause — raising awareness of the 55 people believed to still be in captivity in Gaza. The Boulder chapter walks at the mall every weekend for 18 minutes, the numerical value of the Hebrew word 'chai,' which means 'life.' 'It is going to look very different this year. Run for Their Lives is going to be featured front and center,' said Miri Kornfeld, a Run for Their Lives organizer in Denver. 'The community is looking for a way to come together after an act of violence. People just want to be together, and they want to celebrate who they are.' A group representing families of the Israeli hostages plans to send at least one family to join the Boulder chapter Sunday as it resumes its weekly walks during the festival, Kornfeld said. Art, food and music are also planned. In response to the attack, the Boulder Police Department and the FBI are coordinating to provide increased security at the festival, local synagogues and the Boulder Jewish Community Center. Festival attendees can expect drones, SWAT elements and plainclothes officers in the crowd to increase safety and make people feel at ease, police Chief Stephen Redfearn said. 'Any would-be attacker, anybody that might come there to cause harm, I want them to see that we have a lot of people there, and hopefully that dissuades anyone from doing anything nefarious," Redfearn said Thursday. The victims of the attack include eight women and seven men, ranging in age from 25 to 88. One is a Holocaust survivor. Mohamed Sabry Soliman, 45, was charged Thursday in state court with 118 counts, including attempted murder, assault, illegal use of explosives and animal cruelty. He has also been charged with a hate crime in federal court and is jailed on a $10 million cash bond. Soliman, an Egyptian national who federal authorities say was living in the U.S. illegally, told police he was driven by a desire 'to kill all Zionist people," a reference to the movement to establish and sustain a Jewish state in Israel. Authorities said he expressed no remorse about the attack. U.S. immigration officials took Soliman's wife and five children, who also are Egyptian, into custody Tuesday. They have not been charged in the attack. A federal judge on Wednesday granted a request to block the deportation of Soliman's wife and children. Colorado Gov. Jared Polis, who is Jewish, has deemed the attack antisemitic, meaning it targeted Jewish people because of their identity or beliefs. Organizers have not confirmed whether all the demonstrators last Sunday were Jewish. The group is open to Jewish and non-Jewish participants. The violence in downtown Boulder unfolded against the backdrop of the Israel-Hamas war, which continues to inflame global tensions and has contributed to a spike in antisemitism in the U.S. It also came at the start of the holiday of Shavuot, which commemorates God giving the Torah to the Jewish people at Mount Sinai in Egypt. 'In the wake of the most violent antisemitic terrorist attack in Colorado history, we are reminded of the profound power of standing shoulder to shoulder,' Mindy Miller of Stop Antisemitism Colorado said at a community vigil Wednesday night. 'Let today be the beginning of a new chapter in Colorado — one where Jews no longer have to stand alone.'
Yahoo
an hour ago
- Yahoo
Patel promises FBI coming for anyone assaulting cops as Los Angeles erupts over ICE raids
Following violent anti-ICE riots in Los Angeles on Saturday night, FBI Director Kash Patel warned "if you assault a law enforcement officer, you're going to jail—period." "It doesn't matter where you came from, how you got here, or what cause you claim to represent," Patel told Fox News Digital. "If local jurisdictions won't stand behind the men and women who wear the badge, the FBI will." President Donald Trump signed a Presidential Memorandum deploying 2,000 National Guardsmen to Paramount, California after immigration authorities driving in the area were pelted with rocks, stones, and concrete — shattering government vehicle windshields. U.S. Border Patrol Chief Michael W. Banks shared a photo of one Border Patrol agent's bloody hand, which was injured by a rock flying through the windshield. National Guard To Be Deployed In Los Angeles County As Anti-ice Protests Rage: Border Czar Tom Homan Federal sources said agents could have been killed by the flying debris. Read On The Fox News App "Doesn't matter where you came from, how you got here, or what movement speaks to you. If the local police force won't back our men and women on the thin blue line, we @FBI will," Patel wrote on X. The bureau has an entire force dedicated to immigration, with its highest concentration in Los Angeles. Several arrests have already been made for assault on a federal agent, Banks confirmed. Federal Officials Slam Democrats For 'Dangerous' Rhetoric As Ice Agents Face Violent Mobs In La, Nyc The fiery Paramount protest marked the second consecutive day of substantial violent riots in Los Angeles. On Friday night, more than 1,000 Los Angeles rioters surrounded a federal law enforcement building and assaulted ICE agents, slashed tires, and defaced buildings. Ice Sweeps Through La Businesses As Local Democrats Cry Foul Over Trump Administration's Enforcement Actions DHS Secretary Kristi Noem said protesters would not slow ICE agents down, and cautioned rioters. "If you lay a hand on a law enforcement officer, you will be prosecuted to the fullest extent of the law," Noem wrote in an X post. FBI Deputy Director Dan Bongino said the agency is seeking information regarding the identity of those throwing rocks at vehicles conducting critical law enforcement operations, noting "it is only a matter of time." "One of the perpetrators in this video is wearing a helmet, and we're going to use our investigative tools to locate the individual," Bongino wrote in an X post. "I strongly suggest you turn yourself in, it's only a matter of time."Original article source: Patel promises FBI coming for anyone assaulting cops as Los Angeles erupts over ICE raids
Miami Herald
an hour ago
- Miami Herald
Ex-police chief Grant Hardin recaptured after escape from Arkansas prison
A former Arkansas police chief who escaped from a prison 12 days ago was apprehended about a mile and half from where he was incarcerated in northwest Arkansas. Grant Hardin, known as the 'Devil in the Ozarks,' was caught around 3 p.m. local time Friday by Arkansas law enforcement officers and the U.S. Border Patrol, according to Arkansas Department of Corrections. Hardin, 56, was an inmate at the North Central Unit in Calico Rock in Izard County for murder and rape. Calico Rock is 126 miles north of Little Rock. Tracking dogs picked up Hardin's scent west of the prison near Moccasin Creek in Izard County, the state agency said. Hardin was brought back to the North Central Unit where he was identified using his fingerprint and for a physical exam before he was moved to the Varner SuperMax Unit in Gould, Arkansas, Arkansas Department of Corrections spokesperson Rand Champion told CNN. After a dayslong manhunt that crossed several states, Champion said Hardin would be interviewed to learn more about his escape and nearly two weeks on the run. 'This was a great joint operation by a number of agencies, and I'm so thankful for their tireless efforts,' Dexter Payne, director of the Division of Correction in Arkansas' Department of Corrections, said in an agency press release. 'The Arkansas State Police, U.S. Marshals, FBI, Border Patrol, Game and Fish, all the state and local agencies, along with the dedication of our Department employees, all played an indispensable role and I express my extreme gratitude.' Hardin escaped from the prison at approximately 2:55 p.m. on May 25. The agency said he 'was wearing a makeshift outfit designed to mimic law enforcement' when he escaped, but was not wearing an actual guard uniform and all DOC-issued equipment was accounted for. Hardin is the former chief of police for the city of Gateway in Benton County, which had a population of 444 people in 2023. He also was a police officer, county constable and corrections officer. Gateway, which is near the Missouri border, is 129 miles west of Calico Rock. Since 2017, he was in the North Central Unit serving a 30-year sentence for first-degree murder, and 25 years for each rape count. He pleaded guilty to the murder of James Appleton, 59, a city water employee found shot in the face inside his work truck in October 2017, KNWA reported. Hardin's DNA linked him to the 1997 rape of a teacher, the TV station reported. Amy Harrison, a teacher at Frank Tillery Elementary in Rogers, was ambushed while preparing lesson plans at the school when she was ambushed and assaulted by a man with a gun. 'He's a sociopath,' former Benton County prosecutor Nathan Smith told Arkansas ABC affiliate KHBS/KHOG. 'Prison's not full of people who are all bad. It's full of a lot of people who just do bad things. Grant's different.' The FBI offered a reward of up to $10,000 for information leading to his arrest. 'Arkansans can breathe a sigh of relief because violent criminal Grant Hardin is now in custody,' Arkansas Gov. Sarah Huckabee Sanders posted on X. 'I am grateful for all law enforcement who contributed to his capture and give special thanks to the Trump administration and Secretary Kristi Noem, who sent a team from Border Patrol that was instrumental in tracking and apprehending Hardin.' Copyright 2025 UPI News Corporation. All Rights Reserved.
