According to the FBI, 49 organizations in five critical infrastructure sectors have been attacked by the Cuba ransomware group. The damage amounts to at least $43.9 million.
At the end of last week, the American FBI issued a warning about the activities of the Cuba ransomware group. Recently, the group appears to have been targeting organizations in the financial, healthcare, manufacturing, information technology and government sectors that are part of the critical infrastructure. The press release reported 49 known cases in which at least $43.9 million in ransom was extorted. As if that amount were not already high enough, the attackers' original demands totaled $74 million, according to FBI estimates.
Group demands $74 million in ransom
The Cuba ransomware is distributed via the Hancitor malware in order to gain access to Windows systems. This loader is known for infiltrating networks with malware such as Remote Access Trojans (RATs) and ransomware. It is spread through phishing emails, Microsoft Exchange vulnerabilities, compromised credentials or legitimate Remote Desktop Protocol (RDP) tools to gain initial access to a victim's network. Legitimate Windows tools such as PowerShell, PsExec and other unspecified services are then used to abuse Windows administrator privileges and execute the actual ransomware and other processes remotely.
Once a victim's system is compromised, the ransomware installs and executes a Cobalt Strike beacon while two more files are downloaded. These two files in turn allow the attackers to steal passwords and execute a TMP file on the compromised network, which calls the application programming interface (API). The TMP file then deletes itself, and the network begins communicating with a known malware repository hosted at a URL in Montenegro.
High success rate of the hacking group
What is particularly surprising about this case is the group's success rate: $43.9 million is an extremely high yield for a comparatively small number of attacks, also in comparison with other ransomware groups. The security company Emsisoft, for example, registered only around 105 attacks by the Cuba group this year, whereas the much better known Conti ransomware group accounted for 653 attacks. This also allows conclusions to be drawn about the amount of damage that ransomware causes year after year. If a comparatively small player can already capture such high sums, the profits of other, larger groups could be significantly higher, even beyond the previously known ransom figures.
About 8com: The 8com Cyber Defense Center effectively protects the digital infrastructures of 8com's customers from cyber attacks. It includes security information and event management (SIEM), vulnerability management and professional penetration tests. It also offers the setup and integration of an Information Security Management System (ISMS), including certification according to current standards. Awareness measures, security training and incident response management complete the portfolio.