Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities

Dec 02, 2022 | Ravie Lakshmanan | Data Security / Incident Response


The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022.

In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the agencies highlighted a "sharp increase in both the number of compromised U.S. entities and the ransom amounts."

The ransomware crew, also known as Tropical Scorpius, has been observed targeting financial services, government facilities, healthcare, critical manufacturing, and IT sectors, while simultaneously expanding its tactics to gain initial access and interact with breached networks.

It's worth noting that despite the name "Cuba," there is no evidence to suggest that the actors have any connection or affiliation with the island nation.

The entry point for the attacks involves the exploitation of known security flaws, phishing, compromised credentials, and legitimate remote desktop protocol (RDP) tools, followed by distributing the ransomware via Hancitor (aka Chanitor).

Some of the flaws incorporated by Cuba into its toolset are as follows:

  • CVE-2022-24521 (CVSS score: 7.8) – An elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver
  • CVE-2020-1472 (CVSS score: 10.0) – An elevation of privilege vulnerability in the Netlogon remote protocol (aka ZeroLogon)

"In addition to deploying ransomware, the actors have used 'double extortion' techniques, in which they exfiltrate victim data, and (1) demand a ransom payment to decrypt it and, (2) threaten to publicly release it if a ransom payment is not made," CISA noted.

Cuba is also said to share links with the operators of RomCom RAT and another ransomware family called Industrial Spy, according to recent findings from BlackBerry and Palo Alto Networks Unit 42.

The RomCom RAT is distributed through trojanized versions of legitimate software such as SolarWinds Network Performance Monitor, KeePass, PDF Reader Pro, Advanced IP Scanner, pdfFiller, and Veeam Backup & Replication that are hosted on counterfeit lookalike websites.

The advisory from CISA and FBI is the latest in a series of alerts the agencies have issued about different ransomware strains such as MedusaLocker, Zeppelin, Vice Society, Daixin Team, and Hive.
