<h1>Cuba ransomware infections of US organizations have doubled in last year</h1>

<p>Published 2022-12-05 (updated 2023-03-07) &#8211; category: ransomware &#8211; <a href="https://blog.cyberconservices.com/index.php/2022/12/05/cuba-ransomware-infections-of-us-organizations-have-doubled-in-last-year/">https://blog.cyberconservices.com/index.php/2022/12/05/cuba-ransomware-infections-of-us-organizations-have-doubled-in-last-year/</a></p>

<p><a href="https://www.scmagazine.com/author/derek-b-johnson">Derek B. Johnson</a> &#8211; The Cuba <strong>ransomware</strong> group has doubled its number of American victims over the past year, infecting at least 65 U.S. entities across a broad range of critical infrastructure sectors and extracting more than $60 million in ransom payments through August 2022, according to a new joint advisory from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).</p>

<p>That is an increase from the 49 U.S. victims and $43 million in ransom payments <a href="https://www.scmagazine.com/analysis/ransomware/fbi-says-one-ransomware-group-has-hit-49-critical-infrastructure-entities" target="_blank" rel="noreferrer noopener">detailed</a> in a December 2021 FBI flash alert. Many of the organizations targeted by the group are designated as critical infrastructure, with the agencies flagging the financial services, government, healthcare, manufacturing and information technology sectors as the top targets.</p>

<p>Cuba ransomware has also compromised at least 36 additional entities outside the U.S. over the same period.</p>

<p>The group has mostly been &#8220;living off the land&#8221; to carry out its attacks, relying on a mix of known vulnerabilities, phishing campaigns, commercial remote desktop tools and stolen credentials to gain access to victim systems and deploy its malware.</p>

<p>However, citing research from Palo Alto Networks, the agencies said that since May 2022 the group has been observed using a number of new tactics, techniques and procedures. According to Palo Alto Networks&#8217; Unit 42 security research team, <a rel="noreferrer noopener" href="https://unit42.paloaltonetworks.com/cuba-ransomware-tropical-scorpius/" target="_blank">those changes include</a> the use of the ROMCOM RAT malware family, exploitation of the ZeroLogon vulnerability, local privilege escalation exploits and a kernel driver that specifically targets security products. <a href="https://www.scmagazine.com/analysis/ransomware/cuba-ransomware-infections-of-us-organizations-have-doubled-in-last-year-feds-say" target="_blank" rel="noreferrer noopener">Read on</a></p>