Security News > 2022 > August > Hackers Behind Cuba Ransomware Attacks Using New RAT Malware

Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures, including a new remote access trojan called ROMCOM RAT on compromised systems.

In the intervening months, the ransomware operation has received an upgrade with an aim to "Optimize its execution, minimize unintended system behavior, and provide technical support to the ransomware victims if they choose to negotiate," per Trend Micro.

Tropical Scorpius is also believed to share connections with a data extortion marketplace called Industrial Spy, as reported by Bleeping Computer in May 2022, with the exfiltrated data following a Cuba ransomware attack posted for sale on the illicit portal instead of its own data leak site.

The findings come as emerging ransomware groups such as Stormous, Vice Society, Luna, SolidBit, and BlueSky are continuing to proliferate and evolve in the cybercrime ecosystem, at the same using advanced encryption techniques and delivery mechanisms.

"Ransomware authors are adopting modern advanced techniques such as encoding and encrypting malicious samples, or using multi-staged ransomware delivery and loading, to evade security defenses," Unit 42 noted.

"BlueSky ransomware is capable of encrypting files on victim hosts at rapid speeds with multithreaded computation. In addition, the ransomware adopts obfuscation techniques, such as API hashing, to slow down the reverse engineering process for the analyst."

News URL

https://thehackernews.com/2022/08/hackers-behind-cuba-ransomware-attacks.html