The FBI has released a notice on Cuba ransomware, describing it as one of the highest-earning ransomware gangs in its industry.
According to the notice, Cuba ransomware has earned over $43 million from 49 victims so far by hitting critical companies. The FBI also detailed how the Cuba gang carries out its operations using publicly available tools.
Earning Millions From Ransomware Operations
As many experts and security researchers have noted, ransomware operations have become one of the most lucrative forms of cybercrime lately. They have become so sophisticated that expert hackers are dividing themselves to work on the ransomware-as-a-service (RaaS) model, and are also introducing leak sites to pressure victims.
Cuba ransomware is one of them. Flying under the radar, Cuba ransomware has hit few but significant targets in critical sectors such as financial, government, healthcare, manufacturing, and IT. They use common vectors such as phishing campaigns, hitting vulnerable Microsoft Exchange servers for email compromise, or using legitimate RDP to get in.
They do this by serving Hancitor, a malware loader tasked with injecting data stealers and other malware from the Cuba gang into the victim's systems. It's also noted that the gang uses inbuilt tools like PowerShell and PsExec and publicly available tools like Cobalt Strike beacons and Mimikatz in their operations.
Spreading laterally to cover as many systems as possible, they then connect to a remote C2 through RDP connections and drop their ransomware to encrypt the devices. This is done after stealing data from the victim, so that it can later be used to pressure them into paying the ransom.
The FBI noted that Cuba ransomware has recently started its own leak site for shaming and threatening victims into paying the demanded sum. Many have also considered Cuba ransomware an inactive group, with fewer submissions and successful operations. But the FBI noted that the Cuba gang has earned about $43.9 million from 49 victims so far.