Ghost Ransomware Actors

Also known as: Ghost Ransomware Actors

Ghost actors, located in China, conduct widespread ransomware attacks for financial gain. They target networks with vulnerabilities, affecting organizations across more than 70 countries, including critical infrastructure, schools, healthcare, and more.[U.S. CISA Ghost Cring Ransomware February 19 2025]

Introduction

Ghost actors, located in China, conduct widespread ransomware attacks for financial gain. They target networks with vulnerabilities, affecting organizations across more than 70 countries, including critical infrastructure, schools, healthcare, and more.[U.S. CISA Ghost Cring Ransomware February 19 2025]

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • China Chopper:
  • Ghost:
  • CrossRat:

Attribution and Evidence

Information pending cataloguing.

References

[1] [U.S. CISA Ghost Cring Ransomware February 19 2025