Cuba Ransomware partners with Hancitor for spam-fueled attacks
Security News, May 2021
The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks.
Similar to how Ryuk and Conti partnered with TrickBot, and Egregor and ProLock worked with QBot, the Cuba Ransomware has partnered with Hancitor to gain access to compromised networks.
Ransomware gangs commonly use cracked versions of Cobalt Strike as part of their attacks to gain a foothold and spread laterally throughout a network.
After the Cobalt Strike beacons are deployed, Group-IB researchers say the threat actors use this remote access to gather network credentials and domain information and to spread throughout the network.
"The Beacon's capabilities were also used to scan the compromised network. In addition, the group leveraged some custom tools for network reconnaissance. The first tool is called Netping - it's a simple scanner capable of collecting information about alive hosts in the network and saving it into a text file, the other tool, Protoping, to collect information about available network shares."
When the actors finally gain access to a domain admin's credentials, they deploy the ransomware executable via PsExec to encrypt devices on the network.