Cuba ransomware infections of US organizations have doubled in last year
Derek B. Johnson – The Cuba ransomware group has doubled its number of American victims over the past year, infecting at least 65 U.S. entities across a broad range of critical infrastructure sectors and stealing more than $60 million in ransom payments through August 2022, according to a new joint advisory by the FBI and the Cybersecurity and Infrastructure Security Agency.
That’s an increase from the 49 U.S. victims and $43 million in ransom payments detailed in a December 2021 FBI flash alert. Many of the organizations targeted by the group are designated as critical infrastructure, with the agencies flagging the financial services, government, healthcare, manufacturing and information technology sectors as top targets.
Cuba ransomware has also compromised at least an additional 36 entities outside of the U.S. over that same period.
To do this, the group has mostly been “living off the land” to carry out attacks, relying on a mix of known vulnerabilities, phishing campaigns, commercial remote desktop tools and stolen credentials to gain access to victim systems and deploy malware.
However, citing research from Palo Alto Networks, the agencies said that since May 2022, the group has been observed deploying a number of new tactics, techniques and procedures. According to Palo Alto Networks’ Unit 42 security research team, those changes include the use of the ROMCOM RAT malware family, the ZeroLogon vulnerability, local privilege escalation exploits and a kernel driver that specifically targets security products.