The FBI and the U.S. Infrastructure and Cyber Security Agency (CISA) report that as of August 2022, Cuba ransomware operators have received more than $60 million in ransom from their victims (initially, the hackers requested more than $145 million in ransoms) and have attacked more than 100 organizations around the world.
The new security bulletin is a direct continuation of a similar document from a year ago. Let me remind you that in December 2021, it was reported that the Cuba ransomware brought its authors about $43.9 million, compromising at least 49 organizations.
We also wrote that Cuba Ransomware Variant Involves Double-Extortion Scheme.
The FBI also said that the $43.9 million was just actual payments to the victims, but the hackers originally demanded more than $74 million from the victims, but some refused to pay.
The FBI and CISA added that in the past year, it became known that ransomware has been improving its tactics and methods, and now they are associated with the RomCom remote access trojan (RAT) and Industrial Spy ransomware.
Law enforcement officers also said at the time that they tracked Cuba attacks on systems infected with the Hancitor malware, which uses phishing emails, exploits vulnerabilities in Microsoft Exchange, compromised credentials, or RDP brute force to access vulnerable Windows machines. Once Hancitor is infected, access to such a system is rented out to other hackers using the Malware-as-a-Service model.
Interestingly, the statistics of the ID-Ransomware platform do not allow to call the Cuba ransomware particularly active, and this only proves that even such a ransomware can have a huge impact on victims and bring profit to its operators.
