Pengendali perisian tebusan Cuba “diperolehi” $ 44 juta

Helga SmithDisember 8, 2021Kemas Kini Terakhir: Disember 8, 2021
1 bacaan minit

Pegawai dari Biro Siasatan Persekutuan (FBI) say Cuba ransomware operators earned at least $ 43.9 million this year.

In an emergency warning released the other day, yang FBI writes that the Cuba group hascompromised at least 49 organizations in five critical infrastructure sectors, including the financial and public sector, healthcare, manufacturing and IT.

Law enforcement officials say they tracked Cuba’s attacks on systems infected with the Hancitor perisian hasad, yang menggunakan e -mel phishing, kelayakan yang dikompromi, or brute-forcing RDP to access vulnerable Windows machines and exploits vulnerabilities in Microsoft Exchange. After Hancitor is infected, access to such a system is leased to other hackers using the Malware-as-a-Service model.

Cuba ransomware, upon compromise, installs and executes a CobaltStrike beacon as a service on the victim’s network via PowerShell. Once installed, the ransomware downloads two executable files, which include “pones.exe” for password acquisition and “krots.exe,” also known as KPOT, enabling the Cuba ransomware actors to write to the compromised system’s temporary (TMP) file. Further, Cuba ransomware actors use MimiKatz malware to steal credentials, and then use RDP to log into the compromised network host with a specific user account.FBI information security experts told.

While a McAfee report on Cuba last year found no link between the two groups, the FBI document says that now there appears to be a new partnership between the MaaS vendor and the ransomware. The published FBI document describes how a typical Hancitor-to-Cuba infection occurs and lists indicators of compromise.

The Record writes that before encrypting the victimsdata, Cuba operators steal information and then threaten to publish these files on their website on the darknet if the victim does not pay the ransom. According to data compiled by analysts at Recorded Future, the site has already listed 28 companies that have refused to pay.

The FBI said the $ 43.9 million was just actual payments to the victims, but initially the hackers demanded more than $ 74 million from the victims, but some refused to pay.

Izinkan saya mengingatkan anda bahawa kami juga melaporkannya Hive ransomware infected by MediaMarkt and its operators demand $ 240 juta.

Tag
Helga SmithDisember 8, 2021Kemas Kini Terakhir: Disember 8, 2021
1 bacaan minit

Helga Smith

Saya sentiasa berminat dalam sains komputer, terutamanya keselamatan data dan tema, yang dipanggil pada masa kini "sains data", sejak awal remaja saya. Sebelum menyertai pasukan Pembuangan Virus sebagai ketua Editor, Saya bekerja sebagai pakar keselamatan siber di beberapa syarikat, including one of Amazon's contractors. Satu lagi pengalaman: Saya ada mengajar di universiti Arden dan Reading.

Tinggalkan pesanan

Your email address will not be published. Required fields are marked *

Laman web ini menggunakan Akismet untuk mengurangkan spam. Ketahui cara data ulasan anda diproses.

Butang kembali ke atas