FBI Says the Cuba Ransomware Gang Made $43.9 Million from Ransom Payments

The US Federal Bureau of Investigations said today that the operators of the Cuba ransomware have earned at least $43.9 million from ransom payments following attacks carried out this year. From a report: In a flash alert sent out on Friday, the Bureau said the Cuba gang has "compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors." The FBI said it traced attacks with the Cuba ransomware to systems infected with Hancitor, a malware operation that uses phishing emails, Microsoft Exchange vulnerabilities, compromised credentials, or RDP brute-forcing tools to gain access to vulnerable Windows systems. Once systems are added to their botnet, Hancitor operators rent access to these systems to other criminal gangs in a classic Malware-as-a-Service model. While an April 2021 McAfee report on the Cuba ransomware found no connection between the two groups, the FBI report highlights what appears to be a new partnership between MaaS providers and ransomware gangs after other ransomware operations struck similar partnerships throughout 2020.

Read more of this story at Slashdot.