Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities
2022-12-02 06:04

The threat actors behind Cuba ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022.

The ransomware crew, also known as Tropical Scorpius, has been observed targeting financial services, government facilities, healthcare, critical manufacturing, and IT sectors, while simultaneously expanding its tactics to gain initial access and interact with breached networks.

Initial access relies on exploiting known security flaws, phishing, compromised credentials, and legitimate remote desktop protocol (RDP) tools, after which the ransomware is distributed via Hancitor.

"In addition to deploying ransomware, the actors have used 'double extortion' techniques, in which they exfiltrate victim data, and demand a ransom payment to decrypt it and, threaten to publicly release it if a ransom payment is not made," CISA noted.

Cuba is also said to share links with the operators of RomCom RAT and another ransomware family called Industrial Spy, according to recent findings from BlackBerry and Palo Alto Networks Unit 42.

The advisory from CISA and the FBI is the latest in a series of alerts issued in recent months about different ransomware strains, such as MedusaLocker, Zeppelin, Vice Society, Daixin Team, and Hive.


News URL

https://thehackernews.com/2022/12/cuba-ransomware-extorted-over-60.html