Security News > 2022 > October > Cuba ransomware affiliate targets Ukrainian govt agencies
The Computer Emergency Response Team of Ukraine has issued an alert about potential Cuba Ransomware attacks against critical networks in the country.
Running this file will install and execute the "Rmtpak.dll" DLL file, which is Cuba Ransomware's signature malware known as "ROMCOM RAT.".
ROMCOM was first spotted by researchers at Palo Alto Networks in August 2022, naming the Cuba Ransomware affiliate using the new malware as "Tropical Scorpius."
"Considering the use of the RomCom backdoor, as well as other features of the related files, we believe it is possible to associate the detected activity with the activity of the group Tropical Scorpius aka UNC2596, which is responsible for the distribution of Cuba Ransomware," concludes the CERT-UA announcement.
In September 2022, it was revealed that Cuba Ransomware had hit the small Balkan country of Montenegro, demanding a ransom payment of $10,000,000.
While that incident was initially given a geo-political hue, Cuba Ransomware isn't among the hackers who have declared interest in hacktivism, and neither did they take sides in the conflict between Russia and Ukraine.