FBI says Cuba ransomware extorted over $60 million in ransom fees from more than 100 entities

As of August 2022, the threat actors behind the Cuba (aka COLDDRAW) ransomware had received more than $60 million in ransom payments and had compromised over 100 entities worldwide.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a new advisory highlighting a “sharp increase in both the number of compromised US entities and the ransom amounts.”

According to the FBI and CISA, the ransomware gang has broadened its tactics, techniques, and procedures (TTPs) since the beginning of the year and has been linked to the RomCom Remote Access Trojan (RAT) and Industrial Spy ransomware.

The group gains initial access by exploiting known security flaws, phishing, compromised credentials, and legitimate remote desktop protocol (RDP) tools, then distributes the ransomware through the Hancitor (aka Chanitor) loader. Cuba has included the following flaws in its toolkit: CVE-2022-24521 (CVSS score: 7.8), an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver, and CVE-2020-1472, a vulnerability in the Netlogon remote protocol that allows for privilege elevation.

The malware is spread through phishing emails, stolen credentials, Microsoft Exchange exploits, or Remote Desktop Protocol (RDP) tools. Once inside their targets’ networks, Cuba ransomware threat actors use legitimate Windows services (e.g., PowerShell, PsExec, and various other unspecified services) to remotely deploy payloads and encrypt files with the “.cuba” extension.
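The two behaviours described above give defenders concrete things to look for: PsExec, when used for remote execution, installs the PSEXESVC service on the target (recorded as Windows System event 7045), and the encryption stage leaves files renamed with the “.cuba” extension (visible as file-create events, for example Sysmon event 11). The following script is an added example, not code from the article or from CISA/FBI, and it runs over constructed log lines in a simple key=value layout that stands in for real telemetry; the event-ID mapping is standard Windows/Sysmon, while the host names, paths, timestamps and the two-file threshold are assumptions for illustration.

```python
"""Flag Cuba-ransomware-style activity in constructed Windows log lines.

Signals taken from the advisory text:
  * remote payload deployment with PsExec, which installs the PSEXESVC
    service on the target (System event 7045);
  * encryption that appends the ".cuba" extension to files (file-create
    events, e.g. Sysmon event 11).
The key=value log layout below is constructed for this example and is
not any vendor's native format.
"""
import re
from collections import defaultdict

# Constructed sample log lines (hosts, paths and timestamps are invented).
SAMPLE_LOGS = """\
ts=2022-08-01T10:01:02Z host=WS01 event_id=7045 service_name=PSEXESVC image_path=C:\\Windows\\PSEXESVC.exe
ts=2022-08-01T10:01:09Z host=WS01 event_id=11 image=C:\\Windows\\PSEXESVC.exe target=C:\\Windows\\Temp\\stage.exe
ts=2022-08-01T10:02:30Z host=WS01 event_id=11 image=C:\\Windows\\Temp\\stage.exe target=C:\\Users\\a\\Documents\\q3.xlsx.cuba
ts=2022-08-01T10:02:31Z host=WS01 event_id=11 image=C:\\Windows\\Temp\\stage.exe target=C:\\Users\\a\\Documents\\plan.docx.cuba
ts=2022-08-01T10:03:00Z host=WS02 event_id=7045 service_name=Spooler image_path=C:\\Windows\\System32\\spoolsv.exe
ts=2022-08-01T10:04:00Z host=WS02 event_id=11 image=C:\\Windows\\explorer.exe target=C:\\Users\\b\\notes.txt
"""

PSEXEC_SERVICE = "psexesvc"      # service name PsExec installs on the target
CUBA_EXT = ".cuba"               # extension the article reports on encrypted files
MIN_ENCRYPTED_FILES = 2          # assumed threshold; tune to your environment

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Parse one constructed key=value log line into a dict of strings."""
    return dict(KV_RE.findall(line))


def detect(lines):
    """Return {host: set(rule_names)} for hosts that trip at least one rule.

    Rules:
      psexec_service_install - System event 7045 installing PSEXESVC
      cuba_extension_writes  - at least MIN_ENCRYPTED_FILES ".cuba" creates
      psexec_then_cuba       - both on one host, PsExec install first
    """
    findings = defaultdict(set)
    first_psexec = {}                 # host -> ts of first PSEXESVC install
    cuba_writes = defaultdict(list)   # host -> list of ts for .cuba creates

    for raw in lines:
        ev = parse_line(raw)
        host = ev.get("host")
        if not host:
            continue
        if (ev.get("event_id") == "7045"
                and ev.get("service_name", "").lower() == PSEXEC_SERVICE):
            findings[host].add("psexec_service_install")
            first_psexec.setdefault(host, ev.get("ts", ""))
        elif (ev.get("event_id") == "11"
                and ev.get("target", "").lower().endswith(CUBA_EXT)):
            cuba_writes[host].append(ev.get("ts", ""))

    for host, stamps in cuba_writes.items():
        if len(stamps) >= MIN_ENCRYPTED_FILES:
            findings[host].add("cuba_extension_writes")
            # ISO-8601 UTC timestamps order correctly as plain strings.
            if host in first_psexec and first_psexec[host] <= min(stamps):
                findings[host].add("psexec_then_cuba")

    return dict(findings)


if __name__ == "__main__":
    for host, rules in sorted(detect(SAMPLE_LOGS.splitlines()).items()):
        print(f"{host}: {', '.join(sorted(rules))}")
```

Run stand-alone, the script reports WS01 for all three rules and stays silent on WS02, whose 7045 event installs an unrelated service. The PSEXESVC rule on its own is noisy wherever administrators use PsExec legitimately; the value is in the correlation with a burst of “.cuba” file creates on the same host, which is why the third rule requires both signals in order.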

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
The online resource for Canadian Information Technology professionals.
