Technology · December 2, 2022

FBI, CISA say Cuba ransomware gang extorted $60M from victims this year

The Cuba ransomware gang extorted more than $60 million in ransom payments from victims between December 2021 and August 2022, a joint advisory from CISA and the FBI has warned.

The latest advisory is a follow-up to a flash alert released by the FBI in December 2021, which revealed that the gang had earned close to $44 million in ransom payments after attacks on more than 49 entities in five critical infrastructure sectors in the United States. Since then, the Cuba ransomware gang has brought in an additional $60 million from attacks against 100 organizations globally, almost half of the $145 million it demanded in ransom payments from these victims.

“Since the release of the December 2021 FBI Flash, the number of U.S. entities compromised by Cuba ransomware has doubled, with ransoms demanded and paid on the increase,” the two federal agencies said on Thursday.

Cuba ransomware actors, which have been active since 2019, continue to target U.S. entities in critical infrastructure, including financial services, government facilities, healthcare and public health, critical manufacturing, and information technology.

In August this year, the gang was linked to a ransomware attack on the nation state of Montenegro that hit government systems and other critical infrastructure and utilities, including electricity, water systems, and transportation. At the time of the attack, the Cuba ransomware gang claimed it had obtained “financial documents, correspondence with bank employees, account movements, balance sheets, tax documents, compensation [and] source code” from Montenegro’s parliament.

Cuba was also linked to a breach of California’s Department of Motor Vehicles in April this year, which saw the attackers compromise California vehicle registration records that contain names, addresses, license plate numbers, and vehicle identification numbers.

FBI and CISA added that the ransomware gang has modified its tactics, techniques, and procedures since the start of the year and has been linked to the RomCom malware, a custom remote access trojan for command and control, and the Industrial Spy ransomware.

The advisory notes that the group — which cybersecurity company Profero previously linked to Russian-speaking hackers — typically extorts victims by threatening to leak stolen data. While this data was typically leaked on Cuba’s dark web leak site, it began selling stolen data on Industrial Spy’s online market in May this year.

CISA and the FBI are urging at-risk organizations to prioritize patching known exploited vulnerabilities, to train employees to spot and report phishing attacks, and to enable and enforce phishing-resistant multi-factor authentication.

The release of CISA and the FBI’s advisory comes as the Cuba ransomware gang continues to list new victims on its website. The most recent additions include Generator Power, a U.K.-based generator hire company, and German media monitoring firm Landau Media.


“FBI, CISA say Cuba ransomware gang extorted $60M from victims this year” by Carly Page, originally published on TechCrunch.
