Cuba Ransomware

Pierluigi Paganini December 02, 2022
Cuba Ransomware received over $60M in Ransom payments as of August 2022

Cuba ransomware gang received more than $60 million in ransom payments related to attacks against 100 entities worldwide as of August 2022. The threat actors behind the Cuba ransomware (aka COLDDRAW, Tropical Scorpius) have demanded over 145 million U.S. Dollars (USD) and received more than $60 million in ransom payments from over 100 victims worldwide […]

Pierluigi Paganini October 24, 2022
Cuba ransomware affiliate targets Ukraine, CERT-UA warns

The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country. The Ukraine Computer Emergency Response Team (CERT-UA) warns of potential Cuba Ransomware attacks against local critical infrastructure. On October 21, 2022, the Ukraine CERT-UA uncovered a phishing campaign impersonating the Press Service of the General Staff of […]

Pierluigi Paganini September 13, 2022
Montenegro and its allies are working to recover from the massive cyber attack

A massive cyberattack hit Montenegro, officials believe that it was launched by pro-Russian hackers and the security services of Moscow. A massive cyberattack hit Montenegro, the offensive forced government headquarters to disconnect the systems from the Internet. The attack started on August 20 and impacted online government information platforms. According to the media, the critical […]

Pierluigi Paganini September 01, 2022
FBI is helping Montenegro in investigating the ongoing cyberattack

A team of cybersecurity experts from the US FBI will help the authorities in Montenegro to investigate the recent massive cyberattack. A team of cybersecurity experts from the FBI is heading to Montenegro to help local authorities in investigating the recent massive cyber attack that hit the government infrastructure last week. “This is another confirmation […]

Pierluigi Paganini June 10, 2022
Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques

The Cuba ransomware operators are back and employed a new version of its malware in recent attacks. Cuba ransomware has been active since at least January 2020. Its operators have a data leak site, where they post exfiltrated data from their victims who refused to pay the ransom. The ransomware encrypts files on the targeted systems […]

Pierluigi Paganini May 28, 2022
The strange link between Industrial Spy and the Cuba ransomware operation

The recently launched Industrial Spy data extortion marketplace has now started its ransomware operation. In April, Malware HunterTeam and Bleeping Computer reported the launch of a new dark web marketplace called Industrial Spy that sells stolen data and offers free stolen data to its members. MalwareHunterTeam researchers spotted malware samples [1, 2] that drop the following wallpaper that promotes […]

Pierluigi Paganini May 07, 2021
Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. The Hancitor downloader has been around for quite some time already. It is known since at least 2016 for dropping Pony and Vawtrak. As a loader, it has been used to download other malware families, such as Ficker […]