[CDP-development] CISA #StopRansomware: Cuba Ransomware - TLP: CLEAR

Masse, Theresa theresa.masse at cisa.dhs.gov
Fri Dec 2 07:41:24 PST 2022


FYSA

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing a joint Cybersecurity Alert (CSA) on #StopRansomware: Cuba Ransomware<https://www.cisa.gov/uscert/ncas/alerts/aa22-335a> to disseminate known Cuba ransomware IOCs and TTPs associated with Cuba ransomware actors identified through FBI investigations, third-party reporting, and open-source reporting. This advisory updates the December 2021 FBI Flash: Indicators of Compromise Associated with Cuba Ransomware<https://urldefense.us/v3/__https:/www.ic3.gov/Media/News/2021/211203-2.pdf__;!!BClRuOV5cvtbuNI!Wh6WotxCRsddu5b1Q9qGb5a0T9d5R7wGz2WPzeCGI858KEzwT5lHxbVULVEKJaR_ZCMsbu9N0yM0$>.

Note: While this ransomware is known by industry as “Cuba ransomware,” there is no indication Cuba ransomware actors have any connection or affiliation with the Republic of Cuba.

Since the release of the December 2021 FBI Flash, the number of U.S. entities compromised by Cuba ransomware has doubled, with ransoms demanded and paid on the increase.

This year, Cuba ransomware actors have added to their TTPs, and third-party and open-source reports have identified a possible link between Cuba ransomware actors, RomCom Remote Access Trojan (RAT) actors, and Industrial Spy ransomware actors.

CISA Recommendations:

  *   Organizations should review Alert (AA22-335A) #StopRansomware: Cuba Ransomware and implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of Cuba ransomware and other ransomware operations.

We kindly request any incidents related to this product be reported to CISA at https://us-cert.cisa.gov/report, Central at cisa.dhs.gov<mailto:Central at cisa.dhs.gov>, or 888-282-0870.


Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>


