Security News > 2022 > August > Hackers Behind Cuba Ransomware Attacks Using New RAT Malware

Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures, including a new remote access trojan called ROMCOM RAT on compromised systems.
In the intervening months, the ransomware operation has received an upgrade with an aim to "Optimize its execution, minimize unintended system behavior, and provide technical support to the ransomware victims if they choose to negotiate," per Trend Micro.
Tropical Scorpius is also believed to share connections with a data extortion marketplace called Industrial Spy, as reported by Bleeping Computer in May 2022, with the exfiltrated data following a Cuba ransomware attack posted for sale on the illicit portal instead of its own data leak site.
The findings come as emerging ransomware groups such as Stormous, Vice Society, Luna, SolidBit, and BlueSky are continuing to proliferate and evolve in the cybercrime ecosystem, at the same using advanced encryption techniques and delivery mechanisms.
"Ransomware authors are adopting modern advanced techniques such as encoding and encrypting malicious samples, or using multi-staged ransomware delivery and loading, to evade security defenses," Unit 42 noted.
"BlueSky ransomware is capable of encrypting files on victim hosts at rapid speeds with multithreaded computation. In addition, the ransomware adopts obfuscation techniques, such as API hashing, to slow down the reverse engineering process for the analyst."
News URL
https://thehackernews.com/2022/08/hackers-behind-cuba-ransomware-attacks.html
Related news
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)