Cuba ransomware breached 49 US critical infrastructure organisations, FBI finds

The FBI has revealed that the Cuba ransomware gang has breached the networks of ‘at least’ 49 organisations from US critical infrastructure markets.

According to Bleeping Computer, this ransomware group has made over $40m since it started targeting US companies, while the FBI says it has demanded at least $74m.

Cuba ransomware is delivered to victims’ networks through the Hancitor malware downloader, which gives the ransomware gang easier access to previously compromised corporate networks.

Hancitor gains its initial foothold through phishing emails, stolen credentials used to break in via Remote Desktop Protocol tools, and exploits of Microsoft Exchange vulnerabilities. Once inside using the Hancitor-provided access, Cuba ransomware operators use legitimate Windows services to deploy their ransomware payloads remotely and encrypt files, appending the ‘.cuba’ extension.
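The one concrete host-level indicator the article gives is the ‘.cuba’ extension appended to encrypted files. The following is an added defender-side example, not code from the article or from any FBI or Bleeping Computer material: it runs over a constructed sample of file-creation events (as a file-integrity monitor or EDR might emit them) and flags both individual renamed files and bursts of ‘.cuba’ creations within a short window, which is the pattern mass encryption produces. The event format, window size and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Extension reported for Cuba ransomware in the article.
RANSOM_EXTENSION = ".cuba"

# Constructed sample events (path, UTC timestamp) -- not real telemetry.
SAMPLE_EVENTS = [
    ("C:\\Users\\alice\\Documents\\budget.xlsx.cuba", "2021-11-02T09:14:01"),
    ("C:\\Users\\alice\\Documents\\plan.docx.cuba", "2021-11-02T09:14:02"),
    ("C:\\Users\\alice\\Documents\\notes.txt.cuba", "2021-11-02T09:14:03"),
    ("C:\\Shares\\finance\\q3.pdf.cuba", "2021-11-02T09:14:05"),
    ("C:\\Users\\bob\\Pictures\\cat.jpg", "2021-11-02T09:15:10"),
    ("C:\\Users\\carol\\Desktop\\readme.txt", "2021-11-02T10:00:00"),
]

EPOCH = datetime(1970, 1, 1)


def parse_ts(value):
    """Parse the assumed ISO-8601 timestamp format into a naive UTC datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def has_ransom_extension(path):
    """True when the file name ends with the ransomware extension (case-insensitive)."""
    return path.lower().endswith(RANSOM_EXTENSION)


def find_encrypted_files(events):
    """Return every path in the event list that carries the ransomware extension."""
    return [path for path, _ in events if has_ransom_extension(path)]


def detect_encryption_bursts(events, window_seconds=60, threshold=3):
    """Bucket '.cuba' creations into fixed time windows and report windows at or
    above the threshold, together with the directories touched in that window."""
    buckets = defaultdict(list)
    for path, ts in events:
        if not has_ransom_extension(path):
            continue
        # Arithmetic on naive datetimes only, so the result is timezone-independent.
        seconds = int((parse_ts(ts) - EPOCH).total_seconds())
        window_start = seconds - (seconds % window_seconds)
        buckets[window_start].append(path)

    alerts = []
    for start in sorted(buckets):
        paths = buckets[start]
        if len(paths) >= threshold:
            directories = sorted({p.rsplit("\\", 1)[0] for p in paths})
            alerts.append({
                "window_start": (EPOCH + timedelta(seconds=start)).isoformat(),
                "count": len(paths),
                "directories": directories,
            })
    return alerts


if __name__ == "__main__":
    for path in find_encrypted_files(SAMPLE_EVENTS):
        print("encrypted-name:", path)
    for alert in detect_encryption_bursts(SAMPLE_EVENTS):
        print("burst:", alert)
```

The burst rule matters more than the per-file match: a single stray ‘.cuba’ file is worth a ticket, but several appearing within the same minute across user and share directories is the signal to isolate the host and preserve the logs the FBI asks affected organisations to share.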

The FBI said, “The FBI has identified, as of early November 2021, that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.”

The FBI also asked systems admins and security professionals who detect Cuba ransomware activity within their enterprise networks to share any related information that they have with their local FBI Cyber Squad.

Darktrace, a global leader in cybersecurity AI, recently warned that the average number of attempted ransomware attacks increased by 30% over the holiday season.

Copyright © 2021 FinTech Global
