Over 100 Organizations Hit by Cuba Ransomware: CISA, FBI

By Orbit Brain, December 2, 2022

By Ionut Arghire on December 02, 2022

Cuba ransomware attacks on critical infrastructure have continued in 2022, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn.

Active since late 2019, Cuba ransomware is known for appending the ‘.cuba’ extension to encrypted files, and was previously seen being distributed via a malware loader called Hancitor, which typically provides threat actors with access to compromised networks.

In December 2021, the FBI issued an alert on Cuba ransomware operations, warning that the cybercriminals behind it might have received over $43 million in ransom payments from their victims.

In a joint alert published this week, CISA and the FBI have updated the figure to $60 million, saying that more than 100 organizations have been compromised as of August 2022.

The ransomware has been used in attacks targeting organizations in the financial, government, healthcare, IT, and manufacturing sectors.

“Since spring 2022, Cuba ransomware actors have modified their TTPs and tools to interact with compromised networks and extort payments from victims,” CISA and the FBI say.

The threat actors continue to compromise target networks via known software vulnerabilities, phishing, stolen credentials, and legitimate remote desktop protocol (RDP) tools. They also attempt to elevate privileges on the compromised systems.

Cuba ransomware operators have been observed exploiting CVE-2022-24521 (a vulnerability in the Windows CLFS driver), using a PowerShell script for reconnaissance, using KerberCache to extract cached Kerberos tickets, and exploiting CVE-2020-1472 (ZeroLogon) to obtain domain administrative privileges.

“Cuba ransomware actors use tools to evade detection while moving laterally through compromised environments before executing Cuba ransomware,” the two agencies note.

In addition to encrypting victims’ data, the threat actors also exfiltrate data and threaten to release it publicly unless a ransom payment is made.

In an August 2022 report, Palo Alto Networks noted that Cuba ransomware operators have started using the RomCom RAT for command-and-control (C&C). The malware is known for targeting food brokers, foreign military organizations, IT organizations, and manufacturers.

Cuba ransomware operators may also be using the Industrial Spy ransomware and have been observed using Industrial Spy’s online marketplace to sell data exfiltrated from victims.

The threat actors also appear to have been involved in a disruptive attack on Montenegro, which has been attributed to Russia-linked hackers.