Cuban Ransomware Gang Active In U.S.

According to the FBI, a Cuban ransomware gang has compromised the networks of at least 49 organizations “including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.” The group has made more than $40 million since it started targeting U.S. companies. The ransomware it uses is delivered through the Hancitor malware downloader, known for delivering information stealers, Remote Access Trojans (RATs), and other types of ransomware. It compromises victims’ systems using phishing emails or stolen credentials, and exploits Microsoft Exchange vulnerabilities. The “flash alert” issued by the FBI asks systems administrators who detect Cuba ransomware activity in their enterprise networks to share the information with their local FBI Cyber Squad, and added that the bureau does not encourage ransomware payments. There is no guarantee that paying will prevent data leaks or future attacks.