In the world of cybercrime, criminals usually fall into two groups. Some target individuals, tricking them for money. Others go after important organizations like hospitals and companies, hoping for bigger payouts. Although attacks on healthcare are less common, they cause major harm when they happen. Incidents like the New York Blood Center hack, where hackers stole a million patient records, show how serious the risk is. Now, a new report warns about Chinese cybercriminals, known as Ghost, who are attacking government offices, power companies, banks, factories, and hospitals. Most of their attacks have affected North America and the United Kingdom.
Ghost Hackers Active in Over 70 Countries
According to research shared by Rebecca Harpur from Blackfog, the Ghost hacking group is based in China and acts on its own without links to the government. Their main goal is to make money, not to steal secrets. Over time, this group has changed its identity multiple times, previously using names like Cring, Crypt3r, Hello, and Phantom. By rebranding, they make it harder for law enforcement agencies to track them as one single group.
Despite their tricks, agencies like the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have raised alarms about the damage Ghost can cause. The Blackfog report explains that victims usually receive a message demanding money, threatening to either destroy stolen information or release it publicly if they refuse to pay.
How Ghost Carries Out Its Attacks
The way Ghost hackers break into systems usually follows the same pattern:
• They first find and exploit weaknesses in systems that are open to the internet, such as VPN devices, websites, and email servers.
• After getting inside, they install secret programs like Cobalt Strike and web shells to stay hidden. They often create fake accounts and disable security software once they have high-level access.
• With these privileges, they move across the network quietly and transfer sensitive data to their own servers.
• Once enough data is stolen, they release ransomware programs (often named Ghost.exe or Cring.exe) across the network. This encrypts files, destroys backup copies, and leaves a ransom note demanding payment.
Tips to Stay Protected
Although the FBI has provided detailed steps to defend against these attacks, Blackfog suggests a few important actions:
1. Keep backups of all important data and store them separately from your main network.
2. Always install the latest updates for your operating systems, applications, and firmware.
3. Use multi-factor authentication to add an extra layer of security to user accounts.
4. Divide your network into smaller parts to make it harder for hackers to move around freely if they break in.
The Ghost hacking group is not interested in spying — their focus is on making money. Organizations need to stay alert, strengthen their defenses, and act fast to prevent serious damage from these ongoing threats.
