1、 U.S.organizations:To report suspicious or criminal activity related to information found in this joint Cybersecurity Advisory,contact your local FBI field office or CISAs 24/7 Operations Center at Reportcisa.gov or(888)282-0870.When available,please include the following information regarding the i

2、ncident:date,time,and location of the incident;type of activity;number of people affected;type of equipment used for the activity;the name of the submitting company or organization;and a designated point of contact.This document is distributed as TLP:CLEAR.Disclosure is not limited.Sources may use T

3、LP:CLEAR when information carries minimal or no foreseeable risk of misuse,in accordance with applicable rules and procedures for public release.Subject to standard copyright rules,TLP:CLEAR information may be distributed without restriction.For more information on the Traffic Light Protocol,see cis

4、a.gov/tlp.TLP:CLEAR#StopRansomware:Ghost(Cring)Ransomware TLP:CLEAR Co-Authored by:Product ID:AA25-050A February 19,2025 Summary Actions for Organizations to Take Today to Mitigate Cyber Threats Related to Ghost(Cring)Ransomware Activity Maintain regular system backupsMaintain regular system backups

5、 stored separately from the source systems which cannot be altered or encrypted by potentially compromised network devices CPG 2.R.PatchPatch known vulnerabilitiesknown vulnerabilities by applying timely security updates to operating systems,software,and firmware within a risk-informed timeframe CPG

6、 2.F.o Common Vulnerabilities and Exposures(CVE):CVE-2018-13379,CVE-2010-2861,CVE-2009-3960,CVE-2021-34473,CVE-2021-34523,CVE-2021-31207.Segment networksSegment networks to restrict lateral movement from initial infected devices and other devices in the same organization CPG 2.F.Require Require Phis