The Cuba ransomware gang extorted greater than $60 million in ransom funds from victims between December 2021 and August 2022, a joint advisory from CISA and the FBI has warned.
The newest advisory is a follow-up to a flash alert launched by the FBI in December 2021, which revealed that the gang had earned near $44 million in ransom funds after assaults on greater than 49 entities in 5 vital infrastructure sectors in the US. Since, the Cuba ransomware gang has introduced in a further $60 million from assaults towards 100 organizations globally, virtually half of the $145 million it demanded in ransom funds from these victims.
“For the reason that launch of the December 2021 FBI Flash, the variety of U.S. entities compromised by Cuba ransomware has doubled, with ransoms demanded and paid on the rise,” the 2 federal companies mentioned on Thursday.
Cuba ransomware actors, which have been energetic since 2019, proceed to focus on U.S. entities in vital infrastructure, together with monetary providers, authorities services, healthcare and public well being, vital manufacturing and data know-how.
In August this yr, the gang was linked to a ransomware assault concentrating on the nation state of Montenegro that focused authorities methods and different vital infrastructure and utilities, together with electrical energy, water methods and transportation. On the time of the assault, the Cuba ransomware gang claimed it had obtained “monetary paperwork, correspondence with financial institution workers, account actions, steadiness sheets, tax paperwork, compensation [and] supply code” from Montenegro’s parliament.
Cuba was additionally linked to a breach of California’s Division of Motor Automobiles in April this yr, which noticed the attackers compromise California car registration information that comprise names, addresses, license plate numbers and car identification numbers.
FBI and CISA added that the ransomware gang has modified its techniques, methods and procedures for the reason that begin of the yr and has been linked to the RomCom malware, a customized distant entry trojan for command and management, and the Industrial Spy ransomware.
The advisory notes that the group — which cybersecurity firm Profero beforehand linked to Russian-speaking hackers — sometimes extorts victims by threatening to leak stolen information. Whereas this information was sometimes leaked on Cuba’s darkish internet leak web site, it started promoting stolen information on Industrial Spy’s on-line market in Might this yr.
CISA and the FBI are urging at-risk organizations to prioritize patching recognized exploited vulnerabilities, to coach workers to identify and report phishing assaults and to allow and implement phishing-resistant multi-factor authentication.
The discharge of CISA and the FBI’s advisory comes because the Cuba ransomware gang continues to listing new victims on its web site. The latest additions embrace Generator Energy, a U.Ok.-based generator rent firm, and German media monitoring agency Landau Media.
