FBI: Hackers use Cuba ransomware against critical infrastructure


The attackers have collected at least $43.9 million in ransom payments. Cuba is distributed via the Hancitor malware loader.

The FBI has released a new notice about Cuba ransomware. It said the operators had attacked “49 facilities in five critical infrastructure areas” and received at least $43.9 million in ransom payments.

In the notice, posted on Friday, the FBI said the group was targeting organizations in the financial, government, healthcare, manufacturing and information technology sectors. The attackers use the Hancitor malware to gain initial access to Windows systems.

“The Cuba ransomware is distributed via the Hancitor malware, a loader known to inject or execute stealers such as Remote Access Trojans (RATs) and other types of ransomware on victims’ networks,” the FBI said. The name of the group and of the ransomware comes from the file extension “.cuba” that is appended to every encrypted file.

“The Hancitor malware actors use phishing emails, Microsoft Exchange vulnerabilities, compromised credentials, or legitimate Remote Desktop Protocol (RDP) tools to first gain access to a victim’s network. Then they abuse legitimate Windows services – like PowerShell, PsExec, and other unspecified services – and then use Windows admin rights to remotely run their ransomware and other processes.”
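The FBI notice names three things a defender can look for on endpoints: PsExec-style remote execution, PowerShell launched to run attacker code, and files being rewritten with the “.cuba” extension. The script below is an added example, not code from the FBI notice or from this article, that runs those three checks over constructed Windows process-creation and file-write records. The field names (`host`, `image`, `cmdline`, `parent`, `path`), the sample records and the rename threshold are assumptions for illustration; real telemetry (Sysmon event IDs 1 and 11, or Security event 4688) would be mapped onto the same fields.

```python
# Added example (not from the FBI notice or the article): triage checks for the
# Cuba ransomware tradecraft the FBI describes, run over constructed sample events.
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    user: str
    image: str      # full path of the created process
    cmdline: str
    parent: str     # full path of the parent process


@dataclass(frozen=True)
class FileEvent:
    host: str
    path: str       # path of the file after the write or rename


# PowerShell accepts any unambiguous prefix of -EncodedCommand; match the common ones.
ENCODED_PS = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\b")
CUBA_EXT = ".cuba"
# Assumed threshold: this many ".cuba" writes on one host is treated as mass encryption.
MASS_RENAME_THRESHOLD = 5

# Constructed sample telemetry (not real data). WS01 shows PsExec dropping its
# service binary and then spawning encoded PowerShell; FS02 shows files being
# rewritten with the ransomware extension; WS03 is benign activity.
SAMPLE_PROCESS_EVENTS = [
    ProcessEvent("WS01", "CORP\\jdoe", r"C:\Windows\PSEXESVC.exe",
                 "PSEXESVC.exe", r"C:\Windows\System32\services.exe"),
    ProcessEvent("WS01", "CORP\\jdoe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgA", r"C:\Windows\PSEXESVC.exe"),
    ProcessEvent("WS03", "CORP\\alice", r"C:\Program Files\Microsoft Office\WINWORD.EXE",
                 "WINWORD.EXE /n report.docx", r"C:\Windows\explorer.exe"),
]
SAMPLE_FILE_EVENTS = [
    FileEvent("FS02", rf"C:\Shares\Finance\q{i}.xlsx{CUBA_EXT}") for i in range(6)
] + [FileEvent("WS03", r"C:\Users\alice\notes.txt")]


def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def check_process(ev: ProcessEvent) -> list[str]:
    """Return the names of the rules a single process-creation event matches."""
    hits = []
    # PsExec installs PSEXESVC.exe as a service on the target; anything it spawns is remote.
    if basename(ev.image) == "psexesvc.exe" or basename(ev.parent) == "psexesvc.exe":
        hits.append("psexec_remote_exec")
    # Encoded PowerShell command lines are a common loader/ransomware launch pattern.
    if basename(ev.image) in ("powershell.exe", "pwsh.exe") and ENCODED_PS.search(ev.cmdline):
        hits.append("encoded_powershell")
    return hits


def check_files(events: list[FileEvent], threshold: int = MASS_RENAME_THRESHOLD) -> list[str]:
    """Return hosts where at least `threshold` files were written with the .cuba extension."""
    per_host = Counter(ev.host for ev in events if ev.path.lower().endswith(CUBA_EXT))
    return sorted(host for host, count in per_host.items() if count >= threshold)


def triage(proc_events: list[ProcessEvent], file_events: list[FileEvent]) -> list[tuple[str, str]]:
    """Combine both checks into (host, rule) findings, in event order."""
    findings = [(ev.host, rule) for ev in proc_events for rule in check_process(ev)]
    findings += [(host, "mass_cuba_rename") for host in check_files(file_events)]
    return findings


if __name__ == "__main__":
    for host, rule in triage(SAMPLE_PROCESS_EVENTS, SAMPLE_FILE_EVENTS):
        print(f"{host}: {rule}")
```

Two caveats a practitioner would want: PsExec and encoded PowerShell are used legitimately by administrators, so these hits need a baseline per environment before they become alerts; and the “.cuba” check only fires once encryption has started, which makes it a containment signal (isolate the host, revoke the account) rather than a preventive one.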

According to Brett Callow, threat analyst at Emsisoft, the report shows how lucrative ransomware is when you consider that the Cuba group is not even among the ten most active cyber extortionists. “That shows how much money can be made with ransomware. Cuba is a relatively small player and when they have made $49 million other groups have made significantly more,” Callow told Pentest7.com. “And of course that’s why ransomware is such a difficult problem to deal with. The massive profits mean people think the risks are worth taking.”
