FBI, CISA Say Cuba Ransomware Gang Extorted $60 Million From Victims This Year

An anonymous reader quotes a report from TechCrunch: The Cuba ransomware gang extorted more than $60 million in ransom payments from victims between December 2021 and August 2022, a joint advisory from CISA and the FBI has warned. The latest advisory is a follow-up to a flash alert (PDF) released by the FBI in December 2021, which revealed that the gang had earned close to $44 million in ransom payments after attacks on more than 49 entities in five critical infrastructure sectors in the United States. Since, the Cuba ransomware gang has brought in an additional $60 million from attacks against 100 organizations globally, almost half of the $145 million it demanded in ransom payments from these victims. "Since the release of the December 2021 FBI Flash, the number of U.S. entities compromised by Cuba ransomware has doubled, with ransoms demanded and paid on the increase," the two federal agencies said on Thursday.

Cuba ransomware actors, which have been active since 2019, continue to target U.S. entities in critical infrastructure, including financial services, government facilities, healthcare and public health, critical manufacturing and information technology. [...] FBI and CISA added that the ransomware gang has modified its tactics, techniques and procedures since the start of the year and has been linked to the RomCom malware, a custom remote access trojan for command and control, and the Industrial Spy ransomware. The advisory notes that the group -- which cybersecurity company Profero previously linked to Russian-speaking hackers -- typically extorts victims by threatening to leak stolen data. While this data was typically leaked on Cuba's dark web leak site, it began selling stolen data on Industrial Spy's online market in May this year. CISA and the FBI are urging at-risk organizations to prioritize patching known exploited vulnerabilities, to train employees to spot and report phishing attacks and to enable and enforce phishing-resistant multi-factor authentication.

ban paying the ransom

[bloodhawk]

how about doing something far simpler and more practical, make it fucking illegal to pay the hackers. If you take away the monetary incentive it will do exponentially more than any security campaign (though that is still needed).

that much money

[FudRucker]

it would have been cheaper to hire assassins to go to cuba and assassinate the ransomware gang

Re:

[Antique Geekmeister]

Cuba remains difficult to enter for US and other allied nations. And Cuban security is not so much security theatre security theatre as that in the US. They do traffic in weapons, they have a large-for-their-size conscript army to work with, The _Cubans_ take it very seriously, and it's an opportunity to confiscate tourist luggage for an impoverished nation.

You know it would sure help with this?

[rsilvergun]

If we normalized relations with Cuba so that we could have extradition treaties and have our law enforcement work with theirs. Of course can't do that because DeSantis wants to be president. Electoral politics are a bitch.

And I don't want to hear one peep from anyone complaining that Cuba isn't a free country. The same people who say that are the ones who stan for Putin and look the other way for China and Saudi Arabia. They were the same people calling for blood after 9/11 too.

Re:

[rsilvergun]

Because that worked great for Iran & Afghanistan and Iraq and....

Theese seem petty

[bumblebees]

It kind of seems petty with some gangs stealing 60million when you have someone in the open stealing billions claiming "he did not know". Suddelny it seems his iq dropped by half in interviews

Article brought to you by the ministry of love.

[MrL0G1C]

$60 million, that's peanuts in fraud terms per country these days... "US$ 20 billion in 2021" AKA 20,000 million of which Cuba is responsible for only $60 million.

Smells like prejudice to me and that stinks.