ผู้ดำเนินการแรนซัมแวร์ของคิวบา “ได้รับ” $ 44 ล้าน

Officials from the Federal Bureau of Investigation (FBI) say Cuba ransomware operators earned at least $ 43.9 million this year.

In an emergency warning released the other day, ที่ FBI writes that the Cuba group has “compromised at least 49 organizations in five critical infrastructure sectors, including the financial and public sector, healthcare, manufacturing and IT.”

Law enforcement officials say they tracked Cuba’s attacks on systems infected with the Hancitor มัลแวร์, which uses phishing emails, compromised credentials, or brute-forcing RDP to access vulnerable Windows machines and exploits vulnerabilities in ไมโครซอฟต์ Exchange. After Hancitor is infected, access to such a system is leased to other hackers using the Malware-as-a-Service model.

While a McAfee รายงาน on Cuba last year found no link between the two groups, the FBI document says that now there appears to be a new partnership between the MaaS vendor and the ransomware. The published FBI document describes how a typical Hancitor-to-Cuba infection occurs and lists indicators of compromise.

บันทึก writes that before encrypting the victims’ data, Cuba operators steal information and then threaten to publish these files on their website on the darknet if the victim does not pay the ransom. According to data compiled by analysts at Recorded Future, the site has already listed 28 companies that have refused to pay.

ฉันขอเตือนคุณว่าเรารายงานเรื่องนี้ด้วย Hive ransomware infected by MediaMarkt and its operators demand $ 240 ล้าน.