Security News > 2021 > May > Cuba Ransomware partners with Hancitor for spam-fueled attacks

The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks.
Similar to how Ryuk and Conti partnered with TrickBot and Egregor and ProLock worked with QBot, the Cuba Ransomware has partnered with Hancitor to gain access to compromised networks.
Ransomware gangs commonly use cracked versions of Cobalt Strike as part of their attacks to gain a foothold and spread laterally throughout a network.
After the Cobalt Strike beacons are deployed, Group-IB researchers say the threat actors use this remote access to gather network credentials, domain information, and spread throughout the network.
"The Beacon's capabilities were also used to scan the compromised network. In addition, the group leveraged some custom tools for network reconnaissance. The first tool is called Netping - it's a simple scanner capable of collecting information about alive hosts in the network and saving it into a text file, the other tool, Protoping, to collect information about available network shares."
When the actors finally gain access to a domain admin's credentials, they deploy the ransomware executable via PsExec to encrypt devices on the network.
News URL
Related news
- Hunters International ransomware claims attack on Tata Technologies (source)
- Toronto Zoo shares update on last year's ransomware attack (source)
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- BlackLock ransomware claims nearly 50 attacks in two months (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Texas State Bar warns of data breach after INC ransomware claims attack (source)
- Sensata Technologies hit by ransomware attack impacting operations (source)
- Ransomware attack cost IKEA operator in Eastern Europe $23 million (source)