The FBI, CISA, and partners have issued a joint alert warning of increasing Ghost (Cring) ransomware attacks carried out worldwide by China-backed hackers for financial gain.
Ransomware recovery costs have surged to $2.73M in 2024, driving the need for advanced detection methods and cyber defense technology.
SOC Prime Platform offers detection rules to combat Ghost (Cring) ransomware, mapped to the MITRE ATT&CK framework for streamlined threat investigation.
Security professionals can access a broad set of detection rules compatible with various security solutions to detect vulnerability exploitation threats.
China-backed APT groups have been targeting organizations across 70+ countries since early 2021, exploiting vulnerabilities in outdated software and using sophisticated attack techniques.
Ghost (Cring) ransomware operators leverage tools such as Cobalt Strike and Mimikatz, along with ransomware executables such as Cring.exe and ElysiumO.exe, to execute attacks and evade defenses.
Defenders recommend cybersecurity best practices such as maintaining backups, patching systems, and implementing MFA to mitigate the risks of Ghost (Cring) ransomware attacks.
The group's ransom notes threaten to sell stolen data if the ransom is not paid, but the group rarely exfiltrates large amounts of data, and it relies on encrypted email services for communication.
They disable security measures, encrypt files, clear logs, and hinder recovery efforts to maximize impact, emphasizing swift ransomware deployment over persistence.
To combat the increasing threats posed by Ghost (Cring) ransomware attacks, organizations are advised to enhance their cybersecurity posture and adopt proactive defense strategies.