Ghost is Attacking US Small Businesses
Brief:
This month, the FBI warned that "Ghost," a Chinese ransomware consortium targeting organizations worldwide since 2021, has stepped up its attacks against US small businesses. Ghost exploits known vulnerabilities in outdated software and firmware, affecting over 70 countries and many sectors, including small and medium-sized businesses. The group employs publicly available code to breach systems, often rotating its ransomware payloads and modifying its attack methods to evade detection.
Affected Systems:
All
What Does This Mean to Me:
Increased attack signals from actors like Ghost are a canary in the coal mine — a reminder to be mindful of security protocols and to ensure data backups are in place to avoid paying ransoms.
Why This Matters for Small Businesses:
Small businesses are particularly vulnerable to Ghost's tactics due to limited cybersecurity resources and potentially outdated systems. A successful ransomware attack can lead to significant financial losses, operational disruptions, and reputational damage. Given Ghost's focus on exploiting unpatched vulnerabilities, small businesses must prioritize cybersecurity to protect their assets and customer data. Global ransomware payments totaled $814 million in 2024.
How to Protect Your Business:
Maintain Regular System Backups — frequent backups of critical data are a good practice; ensure they are stored separately from your private network to prevent encryption during an attack.
Timely Patch Management — regularly update and patch all software, operating systems, and firmware to address known vulnerabilities. Ghost actors have been known to exploit vulnerabilities in Fortinet FortiOS appliances, Adobe ColdFusion, Microsoft SharePoint, and Microsoft Exchange.
Network Segmentation — divide networks into segments to restrict lateral movement, limiting the potential spread of ransomware within the organization.
Implement Multi-Factor Authentication (MFA) — require MFA for all user accounts, especially those with administrative privileges, to add an extra layer of security against unauthorized access.
Employee Training - educate staff about phishing attacks and social engineering tactics, as human error can often be the gateway for cyber threats.
Recommended Response and Countermeasures:
Systems Engineering / Network Segmentation
2FA
Online Backups
Endpoint Management
Training and Education
By proactively implementing these measures, small businesses can enhance their defenses against ransomware attacks and mitigate the risks associated with Ghost. If you’ve got questions, contact me.
Prepared by:
Russell Mickler
Principal Consultant, Mickler & Associates, Inc.
rmickler@micklerandassociates.com
We help small businesses use technology better.
(360) 216-1784