Security News > 2022 > December > FBI warns about Cuba, no, not that one — the ransomware gang

The Cuba gang has hit more than 100 organizations worldwide, demanding over $145 million in payments and successfully extorting at least $60 million since August, according to a joint FBI and US Cybersecurity and Infrastructure Security Agency advisory.

Private security researchers have identified possible links between Cuba ransomware criminals and their RomCom remote access trojan and Industrial Spy ransomware counterparts.

The crooks continue to target five critical infrastructure sectors: financial services, government, healthcare and public health, critical manufacturing, and IT, according to the FBI. As the bureau previously noted, Cuba ransomware miscreants tend to use known bugs in commercial software, phishing emails, compromised credentials, and remote desktop protocol tools to gain initial access to their victims' networks.

The security shop's research and consulting arm also discovered the Cuba ransomware crooks exploiting certain known vulnerabilities and using legitimate tools to elevate privileges and burrow deeper into their victims' environments.

Cuba ransomware gang scores almost $44m in ransom payments across 49 orgs, say Feds Hive ransomware crooks extort $100m from 1,300 global victims Sandworm gang launches Monster ransomware attacks on Ukraine Google warns about commercial Heliconia spyware hitting Chrome, Firefox and Microsoft Defender.

The FBI also updated its list of Cuba ransomware indicators of compromise that it has seen during threat response investigations as of late August, and this list builds onto the earlier IOC list [PDF] from November 2021.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/02/fbi_warning_cuba_ransomware/