Cuba Ransomware Hit 49 Critical Infrastructure Companies, Extracted $44m in Ransom
According to SpiceWorks, "The FBI has raised an alarm about the Cuba ransomware gang compromising critical infrastructure companies at an alarming rate and with great success. The cybercriminals have extracted at least $43.9 million in ransom payments from at least 49 entities in five critical infrastructure sectors over the past year.
Not too long ago, law enforcement agencies broadcast a string of significant successes in the fight against ransomware cartels. These included the dismantling of DarkSide, BlackMatter, and REvil ransomware infrastructures and sanctioning a Russian cryptocurrency exchange frequented by cybercriminals. However, as we saw in the case of REvil, ransomware operators have mastered the art of setting up new criminal infrastructure as soon as existing ones are dismantled.
This is why the collection of vast amounts of money by cybercriminals in the form of ransom in untraceable cryptocurrency continues unabated. In October, the U.S. Treasury Department said that victim organizations paid a total of $590 million to ransomware operators in the first six months of 2021. A Mimecast survey also revealed that 39% of organizations paid a ransom to restore operations, with U.S.-based organizations paying $6,312,190 on average.
Earlier in December, the FBI raised an alert about a rarely-heard-before but powerful ransomware gang prowling around the critical infrastructure street. The Cuba ransomware gang, it said, compromised at least 49 entities in five critical infrastructure sectors by early November. Targeting financial, government, healthcare, manufacturing, and IT organizations, the gang demanded $74 million and received at least $43.9 million in ransom payments."
"The scale of the attack, which also led to AFTS’ clients suffering large-scale breaches, immediately put the ransomware gang under the spotlight. Even though it curiously chose the name Cuba and used pictures of Fidel Castro and Ernesto Che Guevara in its branded images, the gang is possibly composed of Russian-speaking cybercriminals. In May, Israeli cybersecurity firms Profero and Security Joes said they spotted a typo made by the gang during a conversation with one of its victims. The typo indicated the gang was translating words like ‘server’ from Russian to English."