Wednesday, May 7, 2025
Homecyber securityGhost Ransomware Targets Organizations Across 70+ Countries

Ghost Ransomware Targets Organizations Across 70+ Countries

Published on

SIEM as a Service

Follow Us on Google News

A new ransomware variant known as “Ghost” (also referred to as Cring) has emerged as a significant danger.

Since its first appearance in 2021, the FBI and CISA have issued a joint advisory on February 2025, highlighting its growing menace, particularly after a sharp increase in attacks on critical infrastructure, healthcarbe facilities, and financial institutions across over 70 countries.

The Ghost ransomware campaign has intensified its attacks, exploiting common vulnerabilities in public-facing systems to infiltrate organizations.

- Advertisement - Google News

Ghost ransomware operators are believed to be a financially motivated cybercriminal group based in China, distancing themselves from state-sponsored espionage activities.

Their modus operandi involves rapid deployment of encryption attacks, often achieving full system compromise in under 24 hours.

This quick strike approach marks a departure from previous ransomware groups like Conti or LockBit, which often lingered on networks for weeks.

Method of Operation

Ghost employs sophisticated methods to bypass traditional security measures.

It starts by targeting unpatched systems, scanning for vulnerabilities in VPN appliances, web servers, or email servers.

Once inside, the attackers establish persistent access by planting web shells, deploying tools like Cobalt Strike, and escalating privileges to administrative levels.

According to the Report, this foothold allows them to exfiltrate sensitive data, providing additional leverage for their double-extortion tactic encrypting data and threatening to leak or sell it if ransom demands are not met.

Global Impact and Targets

The widespread nature of Ghost’s attacks is unprecedented, affecting not only the US, Canada, and UK but also reaching into Europe, Asia, and Australia.

The choice of targets spans multiple sectors, focusing on hospitals, energy providers, financial services, government agencies, and manufacturing units.

For organizations, defense against this pervasive threat involves several key strategies:

  • Frequent Updates and Patching: Ghost thrives on unpatched vulnerabilities. Regular updates and patching of systems, particularly those facing the internet or handling external connections, are critical.
  • Implement Multi-Factor Authentication (MFA): For all privileged accounts, MFA is essential to prevent unauthorized access even when credentials are compromised.
  • Network Segmentation and Access Control: Limiting network access and breaking it into isolated zones can contain an infection, preventing attackers from moving laterally through the network.
  • Monitoring and Incident Response: Employing Endpoint Detection and Response (EDR) systems can detect unusual activities like mass encryption attempts. Additionally, having a robust incident response plan ensures quick isolation of affected systems and secure recovery from backups.

Efforts by law enforcement, including international collaborations like the U.S., U.K., and Australian sanctions against facilitators of ransomware, underscore the global response to tackle this menace.

However, the challenge in prosecuting Ghost operators remains due to their geographic shelter in China, where extradition is not straightforward.

The global community continues to urge organizations to prioritize cybersecurity, with an emphasis on preventative measures and incident response readiness to combat this new ransomware threat that has no bounds, affecting industries across the globe.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...