Intel Name: Stopransomware: ghost (cring) ransomware
Date of Scan: February 20, 2025
Impact: High
Summary: “StopRansomware: Ghost (Cring) Ransomware” refers to a China-based cybercriminal group, known as Ghost or Cring, that targets vulnerable internet-facing services. Since 2021, they have compromised organizations worldwide, including critical infrastructure and businesses. The group uses rotating ransomware payloads, changes file extensions, and employs multiple ransom email addresses, making attribution difficult. Ghost’s ransomware variants include Cring.exe, Ghost.exe, and Locker.exe.
