A new ransomware campaign known as Ghost is exploiting vulnerabilities in software and firmware to gain access to internet-facing servers and deploy its payload. The Federal Bureau of Investigation (FBI) has published a security advisory warning organizations of this threat, which is considered particularly dangerous because it uses publicly available code.
Ghost attackers prefer to exploit known security vulnerabilities in widely used products such as Fortinet FortiOS appliances, Adobe ColdFusion, Microsoft SharePoint, and Microsoft Exchange. They do not rely on phishing techniques; instead, they use code exploits to gain initial access to networks.
Security professionals warn that organizations must prioritize patching and remediation efforts to protect against this threat. “The Ghost ransomware campaign highlights the persistent reality that adversaries exploit known vulnerabilities faster than many organizations can patch them,” said Darren Guccione, CEO of Keeper Security.
To mitigate the risks associated with this attack, the FBI advises organizations to take four steps:
1. Maintain regular system backups stored separately from the source systems.
2. Patch known vulnerabilities by applying timely security updates to operating systems, software, and firmware within a risk-informed timeframe.
3. Segment networks to restrict lateral movement from initial infected devices and other devices in the same organization.
4. Require phishing-resistant multi-factor authentication for access to all privileged accounts and email services accounts.
Experts emphasize that this attack highlights the need for proactive risk management, including continuous updates and hardening of software, firmware, and identity systems against exploitation. Organizations must implement solutions such as privileged access management, zero-trust frameworks, and least-privilege access controls to prevent lateral movement and protect against ransomware attacks.
Source: https://www.forbes.com/sites/daveywinder/2025/02/21/new-fbi-warning-backup-today-as-dangerous-attacks-ongoing