The FBI and CISA released a joint advisory about the extent of financial damage that the notorious Cuba ransomware gang caused this year.

According to the advisory, between December 2021 and August 2022 the group extorted more than $60 million in ransom payments from over 100 victims worldwide.

Cuba Ransomware Steals Millions in Ransom Payments


According to a report by TechCrunch, the new advisory follows up on an FBI Flash alert from December 2021, which reported that the group had collected nearly $44 million in ransom payments from victims in the United States.

At that time, the group had compromised at least 49 organizations across five critical infrastructure sectors in the country.

"Since the release of the December 2021 FBI Flash, the number of U.S. entities compromised by Cuba ransomware has doubled, with ransoms demanded and paid on the increase," the two federal agencies said in a joint statement last Thursday, Dec. 1.

The FBI and CISA also noted that the gang has continued to refine its tactics, techniques, and procedures since it emerged in 2019, and that the Cuba ransomware actors are believed to have ties to the Industrial Spy ransomware and the RomCom Remote Access Trojan (RAT).


How Cuba Ransomware Gang Spreads Malware

According to a separate report by Bleeping Computer, Cuba ransomware is distributed through Hancitor, a malware downloader (loader).

Once Hancitor is running on a victim machine, the operators use it to fetch and execute further payloads, including the ransomware itself.

The initial access method varies from one intrusion to the next, ranging from phishing emails to remote access through legitimate Remote Desktop Protocol (RDP) tools.

Once inside, the actors move laterally to other hosts on the network using PsExec, PowerShell, and other legitimate Windows administration tools, so the activity can blend in with routine IT work.

They then drop additional malware and, finally, encrypt files, appending the .cuba extension to each encrypted file.
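The three behaviours just described (a PsExec service install, hidden or encoded PowerShell, and a burst of files written with the .cuba extension) are all visible in ordinary Windows telemetry. The following Python triage script is an added example, not code from the advisory or from either news report. The event records are constructed for the example, and their field names (host, ts, event_id, service_name, process, command_line, target) are a hypothetical flattening of System log event 7045, Security log event 4688, and Sysmon event 11 (FileCreate); a real deployment would map its SIEM's field names onto them.

```python
"""Triage Windows/Sysmon events for the Cuba ransomware behaviours described
above: PsExec service installs, suspicious PowerShell, and mass .cuba writes.
Added example; event records below are constructed, not real victim logs."""
import re
from collections import defaultdict

# System log 7045 ("A service was installed") naming PsExec's service.
PSEXEC_SERVICE = re.compile(r"psexesvc", re.IGNORECASE)
# PowerShell switches commonly seen in loader one-liners, matched on the
# unambiguous abbreviations PowerShell itself accepts (-e, -enc, -nop, -w hidden).
PS_SUSPICIOUS = re.compile(
    r"(?:^|\s)-(?:e|en|enc|encodedcommand|nop|noprofile|w\s+hidden|windowstyle\s+hidden)\b",
    re.IGNORECASE,
)

# Constructed sample records (hypothetical field names). FS01 shows the full
# chain; WS07 is normal admin activity plus one stray .cuba file.
SAMPLE_EVENTS = [
    {"host": "FS01", "ts": 1000, "event_id": 7045, "service_name": "PSEXESVC",
     "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"host": "FS01", "ts": 1005, "event_id": 4688,
     "process": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -nop -w hidden -enc QQBCAEMA"},  # dummy base64
    {"host": "WS07", "ts": 1010, "event_id": 4688,
     "process": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe Get-Service"},
    {"host": "WS07", "ts": 1012, "event_id": 7045, "service_name": "Vendor Helper",
     "image_path": r"C:\Program Files\Vendor\helper.exe"},
    {"host": "WS07", "ts": 1020, "event_id": 11, "target": r"C:\Users\bob\notes.docx.cuba"},
] + [
    {"host": "FS01", "ts": 1100 + i, "event_id": 11,
     "target": rf"D:\Shares\Finance\report{i}.xlsx.cuba"}
    for i in range(12)
]


def psexec_installs(events):
    """7045 events whose service name or binary path references PSEXESVC."""
    return [e for e in events if e["event_id"] == 7045
            and PSEXEC_SERVICE.search(e.get("service_name", "") + " " + e.get("image_path", ""))]


def suspicious_powershell(events):
    """4688 process-creation events for powershell/pwsh with encoded or hidden switches."""
    hits = []
    for e in events:
        if e["event_id"] != 4688:
            continue
        if not e.get("process", "").lower().endswith(("powershell.exe", "pwsh.exe")):
            continue
        if PS_SUSPICIOUS.search(e.get("command_line", "")):
            hits.append(e)
    return hits


def cuba_write_bursts(events, window=60, threshold=10):
    """Per host, the largest number of .cuba FileCreate events (Sysmon 11) inside
    any `window`-second span; returns {host: count} for hosts at/above threshold.
    A single renamed file is ignored so one stray test file does not page anyone."""
    times = defaultdict(list)
    for e in events:
        if e["event_id"] == 11 and e.get("target", "").lower().endswith(".cuba"):
            times[e["host"]].append(e["ts"])
    bursts = {}
    for host, ts in times.items():
        ts.sort()
        best, left = 0, 0
        for right in range(len(ts)):          # sliding window over sorted timestamps
            while ts[right] - ts[left] > window:
                left += 1
            best = max(best, right - left + 1)
        if best >= threshold:
            bursts[host] = best
    return bursts


def triage(events, window=60, threshold=10):
    """Return {host: sorted finding names} for hosts with at least one finding."""
    findings = defaultdict(set)
    for e in psexec_installs(events):
        findings[e["host"]].add("psexec_service_install")
    for e in suspicious_powershell(events):
        findings[e["host"]].add("encoded_or_hidden_powershell")
    for host in cuba_write_bursts(events, window, threshold):
        findings[host].add("cuba_extension_write_burst")
    return {h: sorted(f) for h, f in findings.items()}


if __name__ == "__main__":
    for host, names in triage(SAMPLE_EVENTS).items():
        print(host, ", ".join(names))
```

PsExec and PowerShell are legitimate administration tools, so the first two rules are hunting leads that need context (who ran it, from where, at what hour); the .cuba write burst is the high-confidence signal, and by the time it fires encryption is already under way, which is why the advisory's emphasis on blocking the earlier access and lateral-movement stages matters.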

The FBI is asking victims to preserve and share anything that helps track the operators: logs showing connections to and from the attackers' IP addresses, copies of ransom notes, cryptocurrency transaction records, and similar artifacts.

The agency also stressed that paying the ransom is no guarantee that the victim's stolen data will not be leaked.

Victims are urged to contact their local FBI field office immediately for assistance.

For organizations looking to reduce their exposure, the FBI recommends keeping systems patched so that known vulnerabilities cannot be used for initial access.

It also recommends training employees to recognize phishing attempts and requiring multi-factor authentication (such as 2FA) on accounts, especially those used for remote access, so that a phished or stolen password alone is not enough to get in.


Joseph Henry

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.