US Agencies Release Updates for Cuba Ransomware
United States federal agencies, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), have issued another entry in their #StopRansomware advisory series, this one covering Cuba ransomware. This prolific threat group has compromised over 100 organizations worldwide and amassed roughly $60 million in ransom payments. Despite carrying the name 'Cuba', the operators are not assessed to have any connection to the Republic of Cuba. Verticals targeted by Cuba ransomware include critical infrastructure, financial services, government, healthcare, manufacturing, and technology. In their campaigns, the operators often rely on Hancitor malware to drop information stealers or remote access trojans, which establish the initial foothold. Notable aspects of the attacks include the use of vulnerabilities such as ZeroLogon for privilege escalation and the use of tools to dump LSASS memory for credential theft. Interestingly, the operators have also used a kernel driver signed with an NVIDIA code-signing certificate, one of the certificates leaked when the LAPSUS$ data extortion group compromised NVIDIA.
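The LSASS memory dumping mentioned above is one of the few behaviours in this advisory that a defender can detect with a simple, well-understood check. The following is an added example written for this page, not code from the advisory or from CISA/FBI: it scans Sysmon Event ID 10 (ProcessAccess) records for handles opened on lsass.exe with memory-read rights from images that are not on a local allowlist. The event lines, the allowlist, and the `key=value|key=value` record format are all constructed assumptions for the example; a real deployment would read events from the Sysmon operational log and tune the allowlist to its own environment.

```python
"""Flag suspicious handle access to lsass.exe from Sysmon Event ID 10 records.

Added example for this page, not part of the CISA/FBI advisory. The event
records, record format and allowlist below are constructed assumptions.
"""

# Process access rights from WinNT.h. A tool that reads LSASS memory needs at
# least PROCESS_VM_READ on the handle; PROCESS_ALL_ACCESS (0x1FFFFF) is the
# mask most off-the-shelf dumpers request.
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
PROCESS_ALL_ACCESS = 0x1FFFFF

# Assumed allowlist of images that legitimately open LSASS on a typical host.
# This is an example list only; tune it per environment (lowercase paths).
ALLOWLISTED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}


def parse_event(line):
    """Parse one constructed 'Key=Value|Key=Value' record into a dict."""
    return dict(field.split("=", 1) for field in line.split("|"))


def is_suspicious_lsass_access(event):
    """True if a non-allowlisted image opened lsass.exe with VM_READ rights."""
    if event.get("EventID") != "10":
        return False
    target = event.get("TargetImage", "").lower()
    if not target.endswith(r"\lsass.exe"):
        return False
    # Sysmon reports GrantedAccess as a hex string such as 0x1FFFFF.
    granted = int(event.get("GrantedAccess", "0x0"), 16)
    if not granted & PROCESS_VM_READ:
        # Query-only handles (e.g. 0x1000) cannot read process memory.
        return False
    source = event.get("SourceImage", "").lower()
    return source not in ALLOWLISTED_SOURCES


def find_lsass_dumpers(lines):
    """Return (SourceImage, GrantedAccess) for every suspicious record."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if is_suspicious_lsass_access(event):
            hits.append((event["SourceImage"], event["GrantedAccess"]))
    return hits


# Constructed sample records mimicking Sysmon ProcessAccess fields.
SAMPLE_EVENTS = [
    r"EventID=10|SourceImage=C:\Windows\System32\svchost.exe|TargetImage=C:\Windows\System32\lsass.exe|GrantedAccess=0x1000",
    r"EventID=10|SourceImage=C:\Users\Public\procdump64.exe|TargetImage=C:\Windows\System32\lsass.exe|GrantedAccess=0x1FFFFF",
    r"EventID=10|SourceImage=C:\Windows\Temp\dump.exe|TargetImage=C:\Windows\System32\lsass.exe|GrantedAccess=0x1010",
    r"EventID=10|SourceImage=C:\Users\Public\procdump64.exe|TargetImage=C:\Windows\System32\notepad.exe|GrantedAccess=0x1FFFFF",
    r"EventID=10|SourceImage=C:\Windows\System32\wininit.exe|TargetImage=C:\Windows\System32\lsass.exe|GrantedAccess=0x1FFFFF",
]

if __name__ == "__main__":
    for source, mask in find_lsass_dumpers(SAMPLE_EVENTS):
        print(f"suspicious LSASS access: {source} (GrantedAccess={mask})")
```

The check keys on the access mask rather than on tool names, because renamed dumpers and LOLBins such as a renamed procdump still have to request read access to LSASS memory. An allowlisted source image that is itself compromised (process injection into svchost.exe, for instance) will slip past this rule, so in practice it is paired with Credential Guard or RunAsPPL on the host rather than relied on alone.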