Cuba ransomware returns to extorting victims with updated encryptor

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
The Cuba ransomware operation has returned to regular operations with a new version of its malware found used in recent attacks.

Cuba ransomware's activity reached a peak in 2021 when it partnered with the Hancitor malware gang for initial access. By the end of the year, it had breached 49 critical infrastructure organizations in the United States.

This year started less impressive for the ransomware gang, with few new victims. However, Mandiant spotted signs of tactical changes and experimentation that indicated the group is still active.

Now, Trend Micro analysts report seeing a resurgence in Cuba infections, starting in March and continuing strong until April 2022.

Cuba has listed three victims in April and one in May on its Tor site. However, the attacks that resulted in the publication of these files likely unfolded earlier.

While these aren't impressive figures compared to other ransomware operations, "Cuba" is generally more selective, hitting only large organizations.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top