Security News > 2022 > August > Hackers Behind Cuba Ransomware Attacks Using New RAT Malware

Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures, including a new remote access trojan called ROMCOM RAT on compromised systems.
In the intervening months, the ransomware operation has received an upgrade with an aim to "Optimize its execution, minimize unintended system behavior, and provide technical support to the ransomware victims if they choose to negotiate," per Trend Micro.
Tropical Scorpius is also believed to share connections with a data extortion marketplace called Industrial Spy, as reported by Bleeping Computer in May 2022, with the exfiltrated data following a Cuba ransomware attack posted for sale on the illicit portal instead of its own data leak site.
The findings come as emerging ransomware groups such as Stormous, Vice Society, Luna, SolidBit, and BlueSky are continuing to proliferate and evolve in the cybercrime ecosystem, at the same using advanced encryption techniques and delivery mechanisms.
"Ransomware authors are adopting modern advanced techniques such as encoding and encrypting malicious samples, or using multi-staged ransomware delivery and loading, to evade security defenses," Unit 42 noted.
"BlueSky ransomware is capable of encrypting files on victim hosts at rapid speeds with multithreaded computation. In addition, the ransomware adopts obfuscation techniques, such as API hashing, to slow down the reverse engineering process for the analyst."
News URL
https://thehackernews.com/2022/08/hackers-behind-cuba-ransomware-attacks.html
Related news
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- Sensata Technologies hit by ransomware attack impacting operations (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Ransomware attack cost IKEA operator in Eastern Europe $23 million (source)
- Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT (source)
- Kidney dialysis firm DaVita hit by weekend ransomware attack (source)