A Cuban…. Yes Cuban Ransomware Gang Scores A Big Payday

Here’s a story that I thought I would never be writing. A Cuba Ransomware Gang Hauls in $44M in Payouts. That’s right. A ransomware gang in Cuba. The gang used a variety of tools and malware to carry out attacks in volume on critical sectors, warned the FBI in a flash alert.

Anurag Gurtu, CPO, StrikeReady (www.strikeready.co) had this to say:

Cuba ransomware is known to target victims’ personal files such as photos, videos, and documents. This attack involves using the CryptGenRandom API call to generate keys for encryption of files using a custom algorithm. It’s not uncommon to see this ransomware gang using a Russian-linked malware – Hancitor, aka Chanitor malware.

Hancitor spreads via social engineering techniques mainly through phishing e-mails embedded with malicious links and weaponized Microsoft Office documents containing malicious macros in them. And its attack chain often begins with the threat actor sending out fake DocuSign malspam emails, which results in a victim unknowingly downloading a Trojanized Microsoft Word document. Once the fake DocuSign document is opened and its malicious macro code is allowed to run, Hancitor will reach out to its command and control (C2) infrastructure to receive a malicious URL containing a sample of Ficker to download.

Companies need to work on ensuring that their employees are equipped with the tools to avoid being phished. Because if the threat doesn’t get in, nothing bad will happen. And that’s the best form of protection.
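As a defender's counterpart to the attack chain described above (a DocuSign-themed Word document that carries a VBA macro), here is an added mail-gateway triage check that is not part of the article or any vendor's code. It flags Office Open XML attachments that contain a VBA project part and, when the filename also carries the lure theme, classifies them for blocking; the lure keyword list and the constructed sample documents are assumptions for illustration.

```python
"""Triage check for macro-bearing Office attachments, modelled on the Hancitor
lure described above. Added illustration; not code from the article."""
import io
import zipfile

# Office Open XML stores VBA macros as a vbaProject.bin part inside the zip.
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Lure keywords are an assumption drawn from the article's DocuSign theme.
LURE_KEYWORDS = ("docusign",)


def has_vba_macro(data: bytes) -> bool:
    """Return True if the OOXML container carries a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return False  # not an OOXML zip (e.g. legacy .doc); handle elsewhere
    return any(part in names for part in MACRO_PARTS)


def triage_attachment(filename: str, data: bytes) -> str:
    """Classify an attachment as 'block', 'review' or 'allow'."""
    lower = filename.lower()
    macro = has_vba_macro(data)
    lure = any(k in lower for k in LURE_KEYWORDS)
    if macro and lure:
        return "block"   # macro plus lure theme: matches the described chain
    if macro or lower.endswith((".docm", ".xlsm", ".pptm")):
        return "review"  # macro-enabled but no lure theme: hold for an analyst
    return "allow"


def make_ooxml(with_macro: bool) -> bytes:
    """Build a minimal constructed .docx/.docm container for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed stub")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_attachment("DocuSign_Document.docm", make_ooxml(True)))   # block
    print(triage_attachment("Quarterly_Report.docx", make_ooxml(False)))   # allow
```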
