On Friday, the FBI published a warning about the Cuba ransomware group, whose attacks have extorted $43.9 million from victims. According to federal investigators, the hackers have compromised at least 49 entities in critical infrastructure sectors, including healthcare, manufacturing, IT, government and finance.
According to the FBI, the attacks are carried out through a Windows-based malware program called Hancitor. Active since 2013, Hancitor uses phishing emails, Microsoft Exchange vulnerabilities, compromised data and legitimate tools such as PowerShell and PsExec to gain initial access and to spread the Cuba ransomware program across a victim’s network. Hancitor itself can reach a PC either alongside other malicious downloads or through spam email campaigns. Once deployed, the ransomware encrypts files across the computer, appending the “.cuba” extension to each one. The group threatened to dump the stolen files on a Dark Web site unless a ransom is paid, so victims must pay in Bitcoin to get their files decrypted. Cuba ransomware actors have received at least $43.9 million of the $74 million they demanded.
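The two observable traces the article mentions, files being renamed with a “.cuba” extension and PsExec being used to move across the network, are the kind of thing a defender can look for in file-server audit logs. The script below is an added example, not code from the FBI notice or from any vendor: it parses a constructed key=value audit log, flags hosts that show a burst of “.cuba” renames inside a short window, and records whether the PsExec service (the default service name PSEXESVC, which is not named on the page) was installed on the same host. The log format, hostnames, paths and thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of file-server audit events (not real data).
# FS01 shows a PsExec service install followed by a burst of ".cuba" renames;
# WS07 shows ordinary activity plus a single stray ".cuba" file.
SAMPLE_LOG = """\
2021-12-03T14:01:50Z host=FS01 event=service_install name=PSEXESVC
2021-12-03T14:02:11Z host=FS01 event=rename path=C:\\Shares\\Finance\\Q3.xlsx.cuba
2021-12-03T14:02:12Z host=FS01 event=rename path=C:\\Shares\\Finance\\Q4.xlsx.cuba
2021-12-03T14:02:12Z host=FS01 event=rename path=C:\\Shares\\HR\\payroll.docx.cuba
2021-12-03T14:02:13Z host=FS01 event=rename path=C:\\Shares\\HR\\contracts.pdf.cuba
2021-12-03T14:02:14Z host=FS01 event=rename path=C:\\Shares\\IT\\inventory.csv.cuba
2021-12-03T14:02:15Z host=FS01 event=rename path=C:\\Shares\\IT\\notes.txt.cuba
2021-12-03T09:15:00Z host=WS07 event=rename path=C:\\Users\\ana\\report.docx
2021-12-03T11:40:00Z host=WS07 event=rename path=C:\\Users\\ana\\holiday.cuba
"""

# Assumed log shape: ISO timestamp, host=..., event=..., then one key=value field.
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+) (?P<rest>.*)$")


def parse_line(line):
    """Parse one audit line into a dict, or return None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    key, _, value = rec.pop("rest").partition("=")  # split only on the first '='
    rec[key] = value
    return rec


def cuba_rename_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {host: count} for hosts where at least `threshold` files gained
    the ".cuba" extension inside one sliding time window.

    A single renamed file is noise; a burst across many files is the encryption
    phase the article describes.
    """
    per_host = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["event"] == "rename" and rec.get("path", "").lower().endswith(".cuba"):
            per_host[rec["host"]].append(rec["ts"])

    hits = {}
    for host, times in per_host.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[host] = best
    return hits


def psexec_service_installs(lines):
    """Hosts on which the PsExec service (PSEXESVC) was installed.

    PsExec is a legitimate admin tool, so this is context for triage, not a verdict.
    """
    return sorted(
        {
            rec["host"]
            for rec in map(parse_line, lines)
            if rec and rec["event"] == "service_install" and rec.get("name", "").upper() == "PSEXESVC"
        }
    )


def triage(log_text):
    """Combine both indicators into one finding per affected host."""
    lines = log_text.splitlines()
    bursts = cuba_rename_bursts(lines)
    psexec_hosts = set(psexec_service_installs(lines))
    return {host: {"cuba_renames": n, "psexec_seen": host in psexec_hosts} for host, n in bursts.items()}


if __name__ == "__main__":
    for host, finding in triage(SAMPLE_LOG).items():
        print(f"{host}: {finding['cuba_renames']} .cuba renames, PsExec seen={finding['psexec_seen']}")
```

The burst check is the important part: the extension alone would also match the single `holiday.cuba` file on WS07, which is why the detection counts renames per host within a window rather than alerting on every match. The PsExec flag is kept separate because administrators use the tool routinely; it is raised alongside the rename burst to help an analyst prioritise, not as an indicator on its own.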
Some security researchers in Israel suspect that, although the gang calls itself Cuba, it is actually based in Russia, a country that refuses to extradite criminal hackers to the US.
The FBI issued this warning as the Biden administration has made stopping ransomware a national security priority. Victims are urged to report a ransomware attack as soon as possible; otherwise it may be too late for the FBI to respond.