Hackers Behind Cuba Ransomware Attacks Using New RAT Malware

Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures, including the deployment of a new remote access trojan called ROMCOM RAT on compromised systems.
In the intervening months, the ransomware operation has received an upgrade with an aim to "Optimize its execution, minimize unintended system behavior, and provide technical support to the ransomware victims if they choose to negotiate," per Trend Micro.
Tropical Scorpius is also believed to share connections with a data extortion marketplace called Industrial Spy, as reported by Bleeping Computer in May 2022, with the exfiltrated data following a Cuba ransomware attack posted for sale on the illicit portal instead of its own data leak site.
The findings come as emerging ransomware groups such as Stormous, Vice Society, Luna, SolidBit, and BlueSky continue to proliferate and evolve in the cybercrime ecosystem, at the same time adopting advanced encryption techniques and delivery mechanisms.
"Ransomware authors are adopting modern advanced techniques such as encoding and encrypting malicious samples, or using multi-staged ransomware delivery and loading, to evade security defenses," Unit 42 noted.
"BlueSky ransomware is capable of encrypting files on victim hosts at rapid speeds with multithreaded computation. In addition, the ransomware adopts obfuscation techniques, such as API hashing, to slow down the reverse engineering process for the analyst."
News URL
https://thehackernews.com/2022/08/hackers-behind-cuba-ransomware-attacks.html