Palo Alto Networks and its Unit 42 malware analysis team have presented initial research on new ransomware groups: BlueSky Ransomware and Cuba Ransomware. The research outlines the attackers' main goals.
BlueSky Ransomware is a new ransomware family that uses modern techniques to bypass security defenses. Unit 42 found code fingerprints of ransomware samples that can be linked to the Conti ransomware group. BlueSky is also very similar to Babuk ransomware.
BlueSky mainly targets Windows hosts and uses multithreading to encrypt files on the host, thus speeding up encryption.
Cuba & BlueSky Ransomware
According to the FBI, the Cuba ransomware gang (also known as Tropical Scorpius under Unit 42's naming convention) received at least $43.9 million in ransom payments and demanded at least $74 million. The group uses double extortion and runs a leak site that includes a paid section, where the extortionists release leaks that have been sold to an interested party.
The most recent Unit 42 Ransomware Threat Report includes observations of Cuba ransomware impacting 33 organizations – with a total of 60 organizations exposed on its leak site since the group first surfaced in 2019. Of the 60 victims listed on the Cuba ransomware leak site, 40 were in the US — 66 percent of the total number of organizations allegedly affected.
More at PaloAltoNetworks.com