In a new flash alert, the FBI has warned about Cuba ransomware, a threat actor that, as of early November 2021, had impacted roughly 50 organizations in five critical infrastructure sectors, including the financial, government, healthcare, manufacturing and information technology sectors.
According to the federal agency, the hacking group managed to obtain approximately $44 million in ransom payments.
Cuba ransomware actors have demanded at least US $74 million and received at least US $43.9 million in ransom payments.
The fact that the Cuba ransomware threat actor initially demanded $74 million but got only $44 million shows that some businesses are willing to pay a ransom, while others prefer to report the ransomware attacks and not pay a dime.
Although the FBI did not name any specific victims, it did warn last month that the gang is focusing on tribal casinos across the United States.
Cuba Ransomware M.O.
As explained by the bureau, the ransomware is distributed via Hancitor malware, also known as Tordal and Chanitor. Hancitor is a loader that has been around since 2014 and is distributed by its developers through malspam.
This loader is notorious for dropping or executing stealers, such as Remote Access Trojans (RATs) and other