Close Menu
Alpha Leaders
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
What's On
The Best AI Degrees And How To Choose The Right Major

The Best AI Degrees And How To Choose The Right Major

11 July 2026
Americans are quietly abandoning the daily habit that billionaires say set them up for success

Americans are quietly abandoning the daily habit that billionaires say set them up for success

11 July 2026
Latest Schedule Confirms iPhone’s July Public Beta

Latest Schedule Confirms iPhone’s July Public Beta

11 July 2026
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
Alpha Leaders
newsletter
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
Alpha Leaders
Home » FBI Says Backup Now—Advisory Warns Of Dangerous Ransomware Attacks
Innovation

FBI Says Backup Now—Advisory Warns Of Dangerous Ransomware Attacks

Press RoomBy Press Room22 February 20259 Mins Read
Facebook Twitter Copy Link Pinterest LinkedIn Tumblr Email WhatsApp
FBI Says Backup Now—Advisory Warns Of Dangerous Ransomware Attacks

Update, Feb. 22, 2025: This story, originally published Feb. 20, now includes further technical details of the Ghost ransomware operation along with expert commentary from a number of security professionals regarding the FBI security advisory.

Phishing, social engineering, scams, or whatever label you like to attach to the “click here” campaigns so beloved of attackers the world over is not the only security threat you need to pay attention to. I mean, that should go without saying, but ignoring other attack methodologies is akin to burying your head in the sand while someone steals your bucket and spade afterward.

The Federal Bureau of Investigation has just published a new security advisory warning of one such non-phishing attack being exploited in an ongoing and particularly dangerous ransomware campaign known as Ghost. Here’s what you need to know and what the FBI warns you should do with the utmost urgency to stay protected.

FBI Issues Critical Ghost Ransomware Security Advisory

A joint security advisory published Feb. 19 by the FBI and the Cybersecurity and Infrastructure Security Agency, AA25-050A, has warned organizations around the world of a dangerous ransomware group known as Ghost, which is carrying out ongoing attacks targeting multiple industry sectors across more than 70 countries.

The threat actors, working out of China according to the FBI, go by many different names although Ghost appears to be the most common: Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada and Rapture, for example. What doesn’t vary, however, is the attack methodology. Rather than using phishing techniques, the chosen method for the vast majority of ransomware attacks these days, Ghost prefers to use publicly available code to exploit known security vulnerabilities in software and firmware that their operators have not patched. They do this to gain access to internet-facing servers and ultimately strike with the ransomware payload.

“The FBI has observed Ghost actors obtaining initial access to networks by exploiting public facing applications that are associated with multiple Common Vulnerabilities and Exposures,” the advisory said. “Their methodology includes leveraging vulnerabilities in Fortinet FortiOS appliances, servers running Adobe ColdFusion, Microsoft SharePoint and Microsoft Exchange, commonly referred to as the ProxyShell attack chain.”

The FBI made particular note of a number of CVEs that are known to have been exploited by the Ghost ransomware campaigns including:

  • CVE-2009-3960
  • CVE-2010-2861
  • CVE-2018-13379
  • CVE-2019-0604
  • CVE-2021-31207
  • CVE-2021-34473
  • CVE-2021-34523

The first set of digits referred to in those CVE numbers is the year that the vulnerability was reported, and in most cases, this is also the year that it would have been patched by the vendor concerned. These stretch back to as long ago as 2009, which is truly shocking when you consider that some systems have, therefore, apparently remained unpatched for at least 15 years.

The FBI advisory also explained how the threat actors behind Ghost have been seen to upload a web shell to compromised servers in order to leverage a combination of Windows command prompts and PowerShell to download and execute a Cobalt Strike Beacon on target systems. This in itself is not unusual, although the irony in cybercriminals using a commercially available and well-regarded penetration tool, used as part of adversary simulations to audit the voracity of an organization’s security controls, cannot be ignored.

“Ghost actors often rely on built-in Cobalt Strike functions to steal process tokens running under the SYSTEM user context to impersonate the SYSTEM user,” the FBI said, “often for the purpose of running Beacon a second time with elevated privileges.” The hashdump Cobalt Strike function is then used to collect credentials, including passwords and password hashes, while yet another is employed to display a list of running processes, “to determine which antivirus software is running so that it can be disabled.” Windows Defender, for example, is “frequently disabled” on network-connected devices, according to the FBI.

Rather interestingly, given that double-extortion ransomware is the order of the day, the FBI noted that while Ghost claims exfiltrated data will be sold unless the ransom is paid, there is little evidence to suggest that a significant amount of such data is stolen from compromised organizations. This is particularly true when it comes to “intellectual property or personally identifiable information that would cause significant harm to victims if leaked,” the FBI said.

Security Professionals Respond To The FBI Ghost Warning

“Ghost is a dangerous nation-state threat actor which organizations must make efforts to protect against,” Juliette Hudson, chief technology officer at CybaVerse, said; “The group is actively exploiting known CVEs in ubiquitous tech, highlighting the need for organizations to prioritize patching and remediation efforts.” And there lies the rub. “The Ghost ransomware campaign highlights the persistent reality that adversaries exploit known vulnerabilities faster than many organizations can patch them,” Darren Guccione, CEO of Keeper Security, warned. Which can only reinforce a critical need for proactive risk management, with security leaders having to ensure that software, firmware and identity systems are continuously updated and hardened against exploitation. “Beyond patching, identity security is a persistent weak point in defending against ransomware attacks,” Guccione said; “Enterprises should implement a privileged access management solution to enforce multi-factor authentication, a zero-trust framework and least-privilege access controls to prevent lateral movement.”

Joe Silva, CEO at Spektion, agreed that the Ghost ransomware attacks would appear to highlight the fact that threat actors are capitalizing on what you might call patch fatigue by exploiting the gaps left by overwhelmed security teams. “This proves legacy vulnerability management practices can’t keep up with the exploding number of vulnerabilities that attackers are taking advantage of,” Silva warned; “Instead, organizations need real-time, contextual insights into how their software behaves within their specific environments by using tools that have a strong ‘signal to noise’ ratio based on actual risks rather than potential risks that overwhelm security teams.”

Ghost’s credential theft is a stark reminder that hackers are always a step ahead, says Rom Carmel, CEO at Apono. “By compromising legitimate accounts, they can infiltrate deeper into environments and target an organization’s most sensitive resources,” Carmel warned; “To reduce the blast radius of account compromises, organizations must not only authenticate access but also enforce precise, rightsized privileges and limit the availability of access to high-value resources.”

Describing the attacks by the Ghost ransomware group as a commercial global onslaught, Agnidipta Sarkar, vice president CISO advisory at ColorTokens, said that, as a cyber-defense specialist, ‘my first point is to understand how they find their victims.” Given that we know that Ghost is looking for unpatched vulnerabilities in the likes of VPNs, firewalls, and other network appliances, “all they need is one successful attempt to gain an initial access to victim networks,” Sarkar said. The key to the success of these campaigns, according to Sarkar, would lie with the fact that. Most critical infrastructure cyber security leadership, especially in operational technology, those hardware and software systems that monitor and control physical processes, “do not bother much about lateral movement.”

Finally, Tim Mackey, head of software supply chain risk strategy at Black Duck, told me that such attacks on legacy cyber-physical and Internet of Things devices are to be expected and, as such, must be planned for as part of the operational requirements for the device. “Attackers know that best practices evolve,” Mackey said, “and even the most secure device from a decade ago is likely quite vulnerable to a modern-day attack, let alone those that may be mounted in the future.” Given that the usable life span of any cyber-physical device is measured in years, and potentially decades, “organizations acquiring any such device should work closely with their suppliers to ensure a long-term operations and risk mitigation plan is created that covers not only availability of patches but active sharing of threat scenario data,” Mackey concluded.

Four Steps To Take Today, According To The FBI

The FBI has advised that all organizations take the following actions, and take them today, to mitigate the risks attached to this most dangerous of ransomware attack campaigns.

  1. Maintain regular system backups stored separately from the source systems which cannot be altered or encrypted by potentially
    compromised network devices.
  2. Patch known vulnerabilities by applying timely security updates to operating systems, software, and firmware within a risk-informed
    timeframe.
  3. Segment networks to restrict lateral movement from initial infected devices and other devices in the same organization.
  4. Require Phishing-Resistant MFA for access to all privileged accounts and email services accounts.

It goes without saying that phishing awareness training for users, applying the principle of least privilege when granting permissions and the disabling of unused ports are all also highly recommended. And finally, the FBI said that organizations should “implement allowlisting for applications, scripts, and network traffic to prevent unauthorized execution and access.”

“Ghost is a dangerous nation-state threat actor which organisations must take efforts to protect against,” Juliette Hudson, chief technology officer at CybaVerse, said. “The group is actively exploiting known CVEs in ubiquitous tech, highlighting the need for organisations to prioritise patching and remediation efforts.”

“This advisory from the FBI and CISA highlights that the Ghost ransomware operation is utilising vulnerability exploits to gain access to organisations, which is divergence from the typical ransomware attacks that are executed via social engineering,” Simon Phillips, chief technology officer at SecureAck, said. “Given that the products Ghost targets are designed for businesses and the CVEs being exploited are so outdated, this highlights an urgent need to reinforce fundamental security practices.“

The FBI does not encourage paying a ransom, the security advisory said, arguing that such a payment does not guarantee victim files will be recovered. “Furthermore, payment may also embolden adversaries to target additional organizations,” the FBI concluded, and “encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.”

CISA cisa warning FBI Cybersecurity Advisory FBI Ransomware FBI Security FBI Security Advisory FBI Warning Ghost Ghost Ransomware Ransomware
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link

Related Articles

The Best AI Degrees And How To Choose The Right Major

The Best AI Degrees And How To Choose The Right Major

11 July 2026
Latest Schedule Confirms iPhone’s July Public Beta

Latest Schedule Confirms iPhone’s July Public Beta

11 July 2026
NYT Connections Hints And Answers: Saturday, July 11

NYT Connections Hints And Answers: Saturday, July 11

11 July 2026
Typology Of AI-Based Therapy Micro-Bursts Reveals How People Lean Into Chatbots For Mental Health Advice

Typology Of AI-Based Therapy Micro-Bursts Reveals How People Lean Into Chatbots For Mental Health Advice

11 July 2026
When It Could Drop, Based On Rockstar’s History

When It Could Drop, Based On Rockstar’s History

11 July 2026
Today’s Wordle #1848 Hints And Answer For Saturday, July 11

Today’s Wordle #1848 Hints And Answer For Saturday, July 11

11 July 2026
Don't Miss
Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

By Press Room27 December 2024

Every year, millions of people unwrap Christmas gifts that they do not love, need, or…

Exclusive: DeFi platform Azura launches after raising .9 million from Initialized

Exclusive: DeFi platform Azura launches after raising $6.9 million from Initialized

22 October 2024
Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

22 October 2024
Stay In Touch
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo
Latest Articles
NYT Connections Hints And Answers: Saturday, July 11

NYT Connections Hints And Answers: Saturday, July 11

11 July 20262 Views
How SK Hynix just pulled off the second-largest U.S. share sale by quietly powering the AI boom

How SK Hynix just pulled off the second-largest U.S. share sale by quietly powering the AI boom

11 July 20262 Views
Typology Of AI-Based Therapy Micro-Bursts Reveals How People Lean Into Chatbots For Mental Health Advice

Typology Of AI-Based Therapy Micro-Bursts Reveals How People Lean Into Chatbots For Mental Health Advice

11 July 20262 Views
Why the 2026 IPO boom is about to broaden beyond AI mega-deals

Why the 2026 IPO boom is about to broaden beyond AI mega-deals

11 July 20262 Views

Recent Posts

  • The Best AI Degrees And How To Choose The Right Major
  • Americans are quietly abandoning the daily habit that billionaires say set them up for success
  • Latest Schedule Confirms iPhone’s July Public Beta
  • Hair ties, dresses, food: How fans buy closeness to Erling Haaland, Taylor Swift and other celebs
  • NYT Connections Hints And Answers: Saturday, July 11

Recent Comments

No comments to show.
About Us
About Us

Alpha Leaders is your one-stop website for the latest Entrepreneurs and Leaders news and updates, follow us now to get the news that matters to you.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks
The Best AI Degrees And How To Choose The Right Major

The Best AI Degrees And How To Choose The Right Major

11 July 2026
Americans are quietly abandoning the daily habit that billionaires say set them up for success

Americans are quietly abandoning the daily habit that billionaires say set them up for success

11 July 2026
Latest Schedule Confirms iPhone’s July Public Beta

Latest Schedule Confirms iPhone’s July Public Beta

11 July 2026
Most Popular
Hair ties, dresses, food: How fans buy closeness to Erling Haaland, Taylor Swift and other celebs

Hair ties, dresses, food: How fans buy closeness to Erling Haaland, Taylor Swift and other celebs

11 July 20261 Views
NYT Connections Hints And Answers: Saturday, July 11

NYT Connections Hints And Answers: Saturday, July 11

11 July 20262 Views
How SK Hynix just pulled off the second-largest U.S. share sale by quietly powering the AI boom

How SK Hynix just pulled off the second-largest U.S. share sale by quietly powering the AI boom

11 July 20262 Views

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • March 2022
  • January 2021
  • March 2020
  • January 2020

Categories

  • Blog
  • Business
  • Entrepreneurs
  • Global
  • Innovation
  • Leadership
  • Living
  • Money & Finance
  • News
  • Press Release
© 2026 Alpha Leaders. All Rights Reserved.
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Type above and press Enter to search. Press Esc to cancel.