• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Cuba Ransomware Actors Pocket $60m

You are here: Home / General Cyber Security News / Cuba Ransomware Actors Pocket $60m
December 2, 2022

A foremost US security agency has warned of the continued risk posed by the Cuba ransomware variant, which has made its affiliates and developers $60m as of August.

The US Cybersecurity and Infrastructure Security Agency (CISA) uncovered in a new alert that the ransomware has compromised at least 100 entities around the world, acquiring doubled its target count in the US because last December.

The team and its affiliate marketers generally focus on economical expert services, governing administration, healthcare, critical manufacturing and IT businesses. Disappointingly, ransoms are ever more getting compensated, CISA reported. The team has demanded $145m to date in recorded attacks.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Threat actors use a person of quite a few tried out-and-examined strategies to gain initial obtain: phishing strategies, vulnerability exploitation, compromised credentials and distant desktop protocol (RDP) instruments.

Once inside of, the ransomware by itself is distributed through a loader known as “Hancitor,” the report exposed.

However, given that spring this year, the team has modified some of its strategies, methods and procedures (TTPs).

It uses a dropper that writes a kernel driver to the file technique identified as ApcHelper.sys, in buy to terminate any security merchandise working on victims’ machines. It also exploits CVE-2022-24521 to steal system tokens and elevate privileges, and CVE-2020-1472 to acquire area administrator privileges.

CISA also cited Palo Alto Networks exploration linking the Cuba ransomware variant to the personalized RomCom RAT for command and regulate (C2), and the Industrial Spy ransomware, on whose marketplace the team has bought stolen details.

“According to 3rd-party reporting, suspected Cuba ransomware actors compromised a overseas health care firm. The threat actors deployed Industrial Spy ransomware, which shares distinctive similarities in configuration to Cuba ransomware,” CISA claimed.

“Before deploying the ransomware, the actors moved laterally using Impacket and deployed the RomCom RAT and Meterpreter Reverse Shell HTTP/HTTPS proxy through a C2 server.”


Some sections of this report are sourced from:
www.infosecurity-journal.com

Previous Post: «what the cisa reporting rule means for your it security What the CISA Reporting Rule Means for Your IT Security Protocol
Next Post: NATO Launches Massive Cyber-Defense Exercise Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia
  • Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats
  • Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan
  • Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks
  • WhatsApp’s New Secret Code Feature Lets Users Protect Private Chats with Password
  • U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign Agents
  • Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
  • Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws
  • Google Unveils RETVec – Gmail’s New Defense Against Spam and Malicious Emails
  • North Korea’s Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks

Copyright © TheCyberSecurity.News, All Rights Reserved.