Microsoft issued a press update stating that the Cuba ransomware gang has been targeting its Exchange servers after exploiting a critical server-side request forgery (SSRF) vulnerability. Incidentally, the same flaw is also being exploited by the ‘Play’ ransomware group, which broke into the cloud servers of Rackspace via an OWASSRF exploit.

The Windows OS giant says that the threat actors were striking the servers after bypassing the ProxyNotShell URL rewrite mitigations.

Both vulnerabilities now being used by the two ransomware gangs were identified and patched by the Redmond giant at the end of November 2022.

The report is also available to customers using Microsoft 365 Defender or Defender for Endpoint Plan 2, and to business subscribers holding a premium plan.

Coming to the earnings statistics of Cuba ransomware, the notorious gang struck around 100 targets worldwide up to August last year and raked in $60 million in ransoms.

Surprisingly, the gang members are not very active online, which makes them difficult to track down. They tend to launch attack campaigns either at the end of a month or in the first months of the year, and wind down their activities by August of every year.

It is unclear whether they go on holiday afterwards or are hired for their capabilities by other gangs.

The FBI issued an advisory in December last year stating that the Cuba gang is targeting US critical infrastructure, having already hit 49 organizations, including companies involved in the generation and distribution of power and a water utility. As the impact was minimal, the activity went unnoticed by the media, but it was reported to the Biden administration.

Argentina’s Judiciary of Cordoba, the Belgian city of Antwerp, Rackspace and the German H-Hotels are among its targets so far.


The post Cuba Ransomware gang hacking Microsoft Exchange Servers appeared first on Cybersecurity Insiders.

The FBI, in association with CISA, issued a joint statement claiming that the Cuba ransomware gang has raked in $60 million in ransom from over 100 victims worldwide, and that it attained those monetary gains in just one month, i.e., August 2022.

The advisory was issued as a follow-up to a similar statement released at the same time last year, and warns that organizations managing US critical infrastructure should be extra vigilant about the ongoing threat.

Ransomware is a kind of malware that allows the attacker to steal data and then encrypt a database until a ransom is paid. Many state-funded actors, along with individuals, are nowadays heavily involved in this business, as it all but guarantees a payout.

In the past two months, the FBI has gained intelligence from its sources that the Cuba ransomware gang is showing a lot of interest in firms involved in public health, manufacturing, financial services, government services and information technology, and that it might increase its ransom demands from $60m per target to $145m.

The Federal Bureau of Investigation is urging companies not to make any payment to the hackers, as doing so not only encourages crime but also doesn’t guarantee a decryption key in return.

Furthermore, the hackers can treat a paid ransom as an invitation to strike the same organization a second or third time.

NOTE- The Australian government is planning to impose a ban on cryptocurrency, as this will certainly help curb the spread of ransomware crime. However, a formal law has to be drafted and passed to that end, and that is no easy task for the politicians, as digital currency is so prevalent that curbing it is virtually impossible.


The post CUBA Ransomware gained $60 million ransom from 100 victims appeared first on Cybersecurity Insiders.