The Cuba ransomware operation has returned to regular operations with a new version of its malware found used in recent attacks.
Cuba ransomware's activity reached a peak in 2021 when it
partnered with the Hancitor malware gang for initial access. By the end of the year, it had
breached 49 critical infrastructure organizations in the United States.
This year started less impressive for the ransomware gang, with few new victims. However, Mandiant spotted signs of
tactical changes and experimentation that indicated the group is still active.
Now, Trend Micro analysts report seeing a resurgence in Cuba infections, starting in March and continuing strong until April 2022.
Cuba has listed three victims in April and one in May on its Tor site. However, the attacks that resulted in the publication of these files likely unfolded earlier.
While these aren't impressive figures compared to other ransomware operations, "Cuba" is generally more selective, hitting only large organizations.
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
