FBI says Cuba ransomware extorted over $60 million in ransom fees from more than 100 entities


As of August 2022, the threat actors behind the Cuba (aka COLDDRAW) ransomware had received more than $60 million in ransom payments and had compromised over 100 entities worldwide.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a new advisory highlighting a “sharp increase in both the number of compromised US entities and the ransom amounts.”

According to the FBI and CISA, the ransomware gang has broadened its tactics, techniques, and procedures (TTPs) since the beginning of the year and has been linked to the RomCom Remote Access Trojan (RAT) and Industrial Spy ransomware.

The group gains access by exploiting known security flaws, phishing, compromised credentials, and legitimate remote desktop protocol (RDP) tools, then distributes the ransomware through Hancitor (aka Chanitor). Cuba has included the following flaws in its toolkit: CVE-2022-24521 (CVSS score: 7.8), an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver, and CVE-2020-1472, a vulnerability in the Netlogon remote protocol that allows for privilege elevation.

The malware spreads through phishing emails, stolen credentials, Microsoft Exchange exploits, or Remote Desktop Protocol (RDP) tools. Once inside their targets’ networks, the Cuba ransomware threat actors use legitimate Windows services (e.g., PowerShell, PsExec, and various other unspecified services) to remotely deploy payloads and encrypt files, appending the “.cuba” extension.

The sources for this piece include an article in BleepingComputer.
