A Cuban… Yes, Cuban Ransomware Gang Scores A Big Payday

Here’s a story that I thought I would never be writing. A Cuba Ransomware Gang Hauls in $44M in Payouts. That’s right. A ransomware gang in Cuba. The gang used a variety of tools and malware to carry out attacks in volume on critical sectors, warned the FBI in a flash alert.

Anurag Gurtu, CPO, StrikeReady (www.strikeready.co) had this to say:

Cuba ransomware is known to target victims’ personal files such as photos, videos, and documents. This attack involves using the CryptGenRandom API call to generate keys for encryption of files using a custom algorithm. It’s not uncommon to see this ransomware gang using a Russian-linked malware – Hancitor, aka Chanitor malware.

Hancitor spreads via social engineering techniques mainly through phishing e-mails embedded with malicious links and weaponized Microsoft Office documents containing malicious macros in them. And its attack chain often begins with the threat actor sending out fake DocuSign malspam emails, which results in a victim unknowingly downloading a Trojanized Microsoft Word document. Once the fake DocuSign document is opened and its malicious macro code is allowed to run, Hancitor will reach out to its command and control (C2) infrastructure to receive a malicious URL containing a sample of Ficker to download.

Companies need to work on ensuring that their employees are equipped with the tools to avoid being phished. Because if the threat doesn’t get in, nothing bad will happen. And that’s the best form of protection.
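The quote above describes a chain that a mail gateway can interrupt at its first hop: a DocuSign-themed lure carrying a macro-enabled Word document. The following Python script is an added example, not code from the original post, from StrikeReady, or from any FBI material; it triages an inbound attachment by checking whether an OOXML container holds a VBA project part, flags legacy OLE files for sandboxing, and raises a separate verdict when a sender display name claims a brand whose domain the sending address does not match. The sample attachment, sender names, and the `.com` brand-domain heuristic are constructed assumptions for illustration.

```python
"""Added example (not from the original post): triage an inbound e-mail
attachment for the lure pattern the quote describes, namely a DocuSign-themed
message carrying a macro-enabled Office document. All inputs are constructed
in memory so the script runs offline; sender addresses, file contents and
helper names are assumptions for illustration, not indicators from the post."""
import io
import zipfile

# OOXML part that holds VBA code in macro-enabled Office files (.docm/.xlsm/.pptm).
VBA_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
# OLE2 compound-file magic for legacy .doc/.xls. Those can carry macros too,
# so they are routed to a sandbox rather than parsed here.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"


def classify_office_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'ole-legacy' or 'other'."""
    if data.startswith(OLE_MAGIC):
        return "ole-legacy"
    if not data.startswith(ZIP_MAGIC):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "other"
    # Presence of a vbaProject.bin part is what makes an OOXML file macro-enabled.
    return "ooxml-macro" if names & VBA_PARTS else "ooxml-clean"


def lure_mismatch(display_name: str, from_addr: str, brand: str = "docusign") -> bool:
    """True when the display name claims a brand but the sending domain is not
    that brand's domain (constructed heuristic: brand + '.com')."""
    domain = from_addr.rsplit("@", 1)[-1].lower()
    return brand in display_name.lower() and not domain.endswith(brand + ".com")


def triage(display_name: str, from_addr: str, attachment: bytes) -> list:
    """Collect defender verdicts for one message; an empty list means no finding."""
    verdicts = []
    kind = classify_office_attachment(attachment)
    if kind == "ooxml-macro":
        verdicts.append("macro-enabled Office document: quarantine and detonate")
    elif kind == "ole-legacy":
        verdicts.append("legacy OLE document: route to sandbox for macro check")
    if lure_mismatch(display_name, from_addr):
        verdicts.append("brand lure sent from a non-brand domain")
    return verdicts


def build_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container used only as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder\x00")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed lure: brand in the display name, attachment carries a VBA part.
    sample = build_docx(with_macro=True)
    for verdict in triage("DocuSign Notifications", "no-reply@example.invalid", sample):
        print(verdict)
```

The container check is deliberately structural rather than content-based: it does not execute or even decode the macro, it only asks whether the file can carry one, which is the property a gateway policy can act on before any user clicks "Enable Content".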
