Breaking

Cuba Ransomware hits 49 US organizations says the FBI

The FBI has identified and disclosed that 49 US organizations have been compromised by Cuba Ransomware Gang. This was disclosed as part of the FBI flash report and has been mentioned that the Cuba ransomware actors have compromised these organizations as on November 2021, which includes almost all the industries in the market starting with government, healthcare, information technology, manufacturing, and federal bodies.

And as per the FBI, the ransomware actors have already made $40 million over such horrendous acts. The FBI together with CISA were able to share the details of these incidents and the numbers as a report.

How was Cuba ransomware distributed?

The ransomware operators have made use of the Hancitor malware downloader to distribute the Cuba ransomware to the organizations. Hancitor has been a popular means for distributing Remote Access Trojans (RATs), Stealers, and other ransomware.

Zscaler did identify that Hancitor was used in distribution of Vawtrak trojan, then later the same Hancitor had facilitated the deployment of Pony, Ficker, Cobalt Striker and other malware.

Hancitor initially uses the most common breaching technique ‘Phishing’, then steals the credentials of the targeted audience, exploits the MS vulnerabilities, and then breach via RDP tools for lateral distribution.

In the Cuba ransomware case the legitimate services from Windows were used for distribution and remote deployments. The encryption happens then with ‘.cuba’ extension.

FBI requests for assistance if Cuba ransomware is spotted

The FBI has requested for information from sysadmins and security professionals if they detect .cuba extension in their network. The boundary logs with communication involving the IP addresses, Bitcoin wallet info, and other details are requested for further investigation and narrowing down the ransomware actors.

Though the organizations are cornered to make ransom payments if they fall for Cuba, the FBI has advised not to do so as there is no guarantee that the threat actors will play a fair game here. Hence if organizations face such threats they are advised to reach out to the local FBI offices for assistance.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit. You can reach out to us via Twitter or Facebook, for any advertising requests.

Share the article with your friends
William Marshal

William has been one of the key contributors to 'The Cybersecurity Times' with 9.5 years of experience in the cybersecurity journalism. Apart from writing, he also like hiking, skating and coding.

Recent Posts

Best Microsoft Intune Alternatives: Top 5 MDMs to Consider

Explore the top 5 best Microsoft Intune alternatives, comparing key features, user reviews, and capabilities…

1 day ago

Top 7 Best Smartphones with Best Security Features in 2024

Discover the top 7 smartphones of 2024 with best security features, offering privacy, performance, and…

3 weeks ago

Top 11 Log Management Tools for Efficient System Management

Discover the top 11 log management tools for efficient system management and monitoring. Learn about…

2 months ago

Top 5 Threat Intelligence Tools For 2024

Explore the top 5 threat intelligence tools, their features, and how they enhance cybersecurity against…

2 months ago

Privileged Access Management: 5 Best PAM Solutions in the Market

Explore the top 5 best PAM Tools, market trends, and expert insights to secure the…

2 months ago

Apple Device Management: Top Solutions for iOS and macOS Management

Explore the top solutions for Apple Device Management including to iOS Device Management and macOS…

2 months ago