Over 100 Organizations Hit by Cuba Ransomware: CISA, FBI

By Ionut Arghire on December 02, 2022


Cuba ransomware attacks on critical infrastructure have continued in 2022, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn.

Active since late 2019, Cuba ransomware is known for appending the '.cuba' extension to encrypted files, and was previously seen being distributed via a malware loader called Hancitor, which typically provides threat actors with access to compromised networks.

In December 2021, the FBI issued an alert on Cuba ransomware operations, warning that the cybercriminals behind it may have received over $43 million in ransom payments from their victims.

In a joint alert published this week, CISA and the FBI updated the figure to $60 million, saying that more than 100 organizations had been compromised as of August 2022.

The ransomware has been used in attacks targeting organizations in the financial, government, healthcare, IT, and manufacturing sectors.

“Since spring 2022, Cuba ransomware actors have modified their TTPs and tools to interact with compromised networks and extort payments from victims,” CISA and the FBI say.

The threat actors continue to compromise target networks via known software vulnerabilities, phishing, stolen credentials, and legitimate remote desktop protocol (RDP) tools. They also attempt to elevate privileges on the compromised systems.

Cuba ransomware operators have been observed exploiting CVE-2022-24521 (a vulnerability in the Windows CLFS driver), using a PowerShell script for reconnaissance, using KerberCache to extract cached Kerberos tickets, and exploiting CVE-2020-1472 (ZeroLogon) to obtain domain administrative privileges.

“Cuba ransomware actors use tools to evade detection while moving laterally through compromised environments before executing Cuba ransomware,” the two agencies note.

In addition to encrypting victims' files, the threat actors also exfiltrate data and threaten to release it publicly unless a ransom payment is made.
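Two of the behaviours described above leave artifacts that defenders can look for: ZeroLogon exploitation (the attacker resets the domain controller's machine account password over an unauthenticated Netlogon channel, which surfaces as a Security event 4742 whose subject is ANONYMOUS LOGON, and, on patched DCs, as System events 5827/5828 when Netlogon denies a vulnerable connection) and the bulk appearance of files ending in '.cuba' during encryption. The following is an added example, not code from the advisory or from SecurityWeek; the event records are constructed and simplified into plain dictionaries (field names such as `subject_user` and `target_file` are this example's own, not the Windows schema), so it runs offline.

```python
"""Added example: toy detections for two Cuba ransomware TTPs named in the
CISA/FBI advisory. Event records are constructed stand-ins for Windows
Security/System and file-activity telemetry, not real incident data."""
from collections import Counter

# System event IDs written by Netlogon (after the August 2020 ZeroLogon patch)
# when it denies a vulnerable Netlogon secure channel connection.
ZEROLOGON_NETLOGON_DENIED = {5827, 5828}

# Constructed sample telemetry (simplified schema, this example's own field names).
SAMPLE_EVENTS = [
    # Security 4742 (computer account changed) on a DC with ANONYMOUS LOGON as
    # the subject: the documented artifact of a ZeroLogon password reset.
    {"channel": "Security", "event_id": 4742, "host": "DC01",
     "subject_user": "ANONYMOUS LOGON", "target_account": "DC01$"},
    # Benign 4742: a domain-join service account updating a workstation account.
    {"channel": "Security", "event_id": 4742, "host": "DC01",
     "subject_user": "svc-join", "target_account": "WS042$"},
    # System 5827: Netlogon denied a vulnerable secure channel from a machine account.
    {"channel": "System", "event_id": 5827, "host": "DC01",
     "machine_account": "WS007$"},
    # Twenty-five files written with the '.cuba' extension on one file server.
    *[{"channel": "File", "event_id": "file_written", "host": "FS01",
       "target_file": rf"\\FS01\share\doc{i}.xlsx.cuba"} for i in range(25)],
    # One ordinary document write on a workstation.
    {"channel": "File", "event_id": "file_written", "host": "WS042",
     "target_file": r"C:\Users\a\report.docx"},
]


def zerologon_indicators(events):
    """Return a list of alerts for events consistent with ZeroLogon exploitation."""
    hits = []
    for ev in events:
        if (ev.get("channel") == "Security" and ev.get("event_id") == 4742
                and ev.get("subject_user", "").upper() == "ANONYMOUS LOGON"):
            hits.append({"host": ev["host"],
                         "reason": "4742 computer account change by ANONYMOUS LOGON",
                         "target": ev.get("target_account")})
        elif (ev.get("channel") == "System"
                and ev.get("event_id") in ZEROLOGON_NETLOGON_DENIED):
            hits.append({"host": ev["host"],
                         "reason": f"Netlogon denied vulnerable connection ({ev['event_id']})",
                         "target": ev.get("machine_account")})
    return hits


def cuba_extension_hosts(events, threshold=10):
    """Map host -> count of '.cuba' files written, for hosts at or above threshold.

    A handful of '.cuba' files could be a test or a false positive; a burst on one
    host is the encryption phase in progress, so a per-host threshold is applied.
    """
    counts = Counter()
    for ev in events:
        path = ev.get("target_file")
        if path and path.lower().endswith(".cuba"):
            counts[ev["host"]] += 1
    return {host: n for host, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for alert in zerologon_indicators(SAMPLE_EVENTS):
        print("ZEROLOGON:", alert)
    for host, n in cuba_extension_hosts(SAMPLE_EVENTS).items():
        print(f"CUBA EXTENSION: {n} '.cuba' files written on {host}")
```

The 5827/5828 events only exist on domain controllers that have the August 2020 Netlogon update installed, and the 4742 check is a post-exploitation artifact rather than a block, so neither replaces patching; they are the places to look when hunting for the ZeroLogon step described in the advisory.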

In an August 2022 report, Palo Alto Networks noted that Cuba ransomware operators have started using the RomCom RAT for command-and-control (C&C). The malware is known for targeting food brokers, foreign military organizations, IT organizations, and manufacturers.

Cuba ransomware operators may also be using the Industrial Spy ransomware and have been observed using Industrial Spy's online market to sell data exfiltrated from victims.

The threat actors also appear to have been involved in a disruptive attack on Montenegro, which has been attributed to Russia-linked hackers.

Related: Hive Ransomware Gang Hits 1,300 Businesses, Makes $100 Million

Related: US Healthcare Organizations Warned of ‘Daixin Team’ Ransomware Attacks

Related: FBI: 649 Ransomware Attacks Reported on Critical Infrastructure Organizations in 2021
