FBI, CISA say Cuba ransomware gang extorted $60M from victims this 12 months • TechCrunch

The Cuba ransomware gang extorted greater than $60 million in ransom funds from victims between December 2021 and August 2022, a joint advisory from CISA and the FBI has warned.

The most recent advisory is a follow-up to a flash alert launched by the FBI in December 2021, which revealed that the gang had earned near $44 million in ransom funds after assaults on greater than 49 entities in 5 crucial infrastructure sectors in the USA. Since, the Cuba ransomware gang has introduced in a further $60 million from assaults towards 100 organizations globally, virtually half of the $145 million it demanded in ransom funds from these victims.

“For the reason that launch of the December 2021 FBI Flash, the variety of U.S. entities compromised by Cuba ransomware has doubled, with ransoms demanded and paid on the rise,” the 2 federal companies stated on Thursday.

Cuba ransomware actors, which have been lively since 2019, proceed to focus on U.S. entities in crucial infrastructure, together with monetary providers, authorities amenities, healthcare and public well being, crucial manufacturing, and knowledge expertise.

In August this 12 months, the gang was linked to a ransomware assault concentrating on the nation state of Montenegro that focused authorities programs and different crucial infrastructure and utilities, together with electrical energy, water programs, and transportation. On the time of the assault, the Cuba ransomware gang claimed it had obtained “monetary paperwork, correspondence with financial institution staff, account actions, steadiness sheets, tax paperwork, compensation [and] supply code” from Montenegro’s parliament.

Cuba was additionally linked to a breach of California’s Division of Motor Autos in April this 12 months, which noticed the attackers compromise California car registration information that include names, addresses, license plate numbers, and car identification numbers.

FBI and CISA added that the ransomware gang has modified its ways, strategies, and procedures for the reason that begin of the 12 months and has been linked to the RomCom malware, a customized distant entry trojan for command and management, and the Industrial Spy ransomware.

The advisory notes that the group — which cybersecurity firm Profero beforehand linked to Russian-speaking hackers — sometimes extorts victims by threatening to leak stolen knowledge. Whereas this knowledge was sometimes leaked on Cuba’s darkish internet leak web site, it started promoting stolen knowledge on Industrial Spy’s on-line market in Could this 12 months.

CISA and the FBI are urging at-risk organizations to prioritize patching recognized exploited vulnerabilities, to coach staff to identify and report phishing assaults and to allow and implement phishing-resistant multi-factor authentication.

The discharge of CISA and the FBI’s advisory comes because the Cuba ransomware gang continues to listing new victims on its web site. The latest additions embrace Generator Energy, a U.Okay.-based generator rent firm, and German media monitoring agency Landau Media.