CISA Releases Joint Advisory on Ghost (Cring) Ransomware - 20250220001

Overview

CISA has released a joint Cybersecurity Advisory titled "#StopRansomware: Ghost (Cring) Ransomware".

Ghost actors target victims whose internet facing services run outdated versions of software and firmware. This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organisations across more than 70 countries. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small and medium-sized businesses.

The advisory includes details about the threat actor's behaviours and actions to take to mitigate threats related to the group.

Recommendation

The WA SOC encourages organisations to review the advisory for known TTPs and implement the recommended mitigations where applicable.

Additional References

• CISA #StopRansomware: Ghost (Cring) Ransomware https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-050a