
Cuba Ransomware received over $60M in ransom payments as of August 2022 (Security Affairs)

by admin
December 2, 2022
in Cyber News


The Cuba ransomware gang has received more than $60 million in ransom payments from attacks against over 100 entities worldwide as of August 2022.

The threat actors behind the Cuba ransomware (aka COLDDRAW, Tropical Scorpius) have demanded over 145 million U.S. Dollars (USD) and received more than $60 million in ransom payments from over 100 victims worldwide as of August 2022, the US government states.

Like other ransomware gangs, Cuba uses ‘double extortion’: it exfiltrates data from the target systems before encrypting them, then demands a ransom and threatens to publicly release the stolen data if payment is not made.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint advisory that provides technical details about the gang’s operations, including tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Cuba ransomware.

“FBI has identified a sharp increase in both the number of compromised U.S. entities and the ransom amounts demanded by Cuba actors.” reads the report. “Since spring 2022, Cuba ransomware actors have expanded their TTPs. Third-party and open-source reports have identified a possible link between Cuba ransomware actors, RomCom Remote Access Trojan (RAT) actors, and Industrial Spy ransomware actors.”

Since December 2021, Cuba operators have continued to target U.S. entities in the Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology sectors.

The Cuba gang has used multiple techniques to gain initial access to victims’ networks, including exploitation of known vulnerabilities in commercial software [T1190], phishing campaigns [T1566], compromised credentials [T1078], and legitimate remote desktop protocol (RDP) tools [T1563.002].

After gaining initial access, the attackers distributed the Cuba ransomware on compromised systems using the Hancitor loader.

Below are the vulnerabilities exploited by the group in its attacks:

  • CVE-2022-24521 – elevation of privilege flaw in Windows Common Log File System (CLFS) Driver
  • CVE-2020-1472 – elevation of privilege flaw in Netlogon remote protocol (aka ZeroLogon)

In May, MalwareHunterTeam found evidence linking the Cuba gang to the Industrial Spy crew.

Since spring 2022, multiple reports have also linked RomCom RAT actors to the Cuba gang.

Additional details are included in the advisory “Alert (AA22-335A) #StopRansomware: Cuba Ransomware.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)