Nowadays, the perpetrators of ransomware have gotten more clever in their methods, using complex strategies such as double extortion, in which they not only encrypt the victim's files but also threaten to reveal vital data if the ransom is not paid. They may also use propaganda and scareware, in which they circulate false information about the victim to raise the pressure placed on the family to pay the ransom.
On 1 December 2022, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint alert warning against the continuous assaults by the Cuba ransomware group. As of August 2022, government agencies reported that the threat actors behind the group had penetrated over one hundred different companies.
According to the updated counsel, the Cuba ransomware group has coerced its way into earning proceeds adding up to more than $60 million (up from $43 million in December 2021). This represents an increase from the $145 million demanded from the 100+ organizations it successfully targeted. This brings the total ransom money collected from each victim to an average of $600k.
Tracing the Origins of Cuba Ransomware
Cuba ransomware has been operating for years. However, as we have recently seen with other significant ransomware attacks, the perpetrators have recently shifted to exposing the stolen information in the aftermath of a data breach to boost its effect and profitability. In most cases, it is acknowledged that the Cuba ransomware gang infiltrates computers and gains access by exploiting vulnerabilities already known in commercial software. It also uses phishing campaigns, stolen credentials, and legal remote desktop protocol (RDP) applications to spread the Hancitor loader, which drops stealers and launches Remote Access Trojans (RATs) to acquire access to more computers.
Despite its name, the ransomware and its perpetrators have no known connection to Cuba. The current caution is supposedly an update to a December 2021 FBI Flash notice. This warning contains revised tactics, techniques, and procedures (TTPs) and indications of compromise (IOCs). Cuba ransomware actors continue to successfully target US organizations, compromising 49 enterprises in five critical infrastructure sectors, including financial services, government facilities, healthcare, critical manufacturing, and IT.
According to McAfee, the infection vectors that perpetrate the attack are unknown. Nevertheless, as soon as the attackers have gained access to the network, they will run a series of PowerShell scripts to migrate laterally and install the subsequent stages. Recently, the data that the attackers obtained was published online at the following address: http:// cuba4mp6ximo2zlo[.]onion.
How Enterprises Should Defend Their Operations
These malicious actors are ready to attack anytime, taking essential systems and data hostage until the demanded ransom is paid. But companies may defend themselves against attackers and the malicious schemes they devise when they have the appropriate tools and risk management methods.
Conducting Gap Analysis
In this pursuit, conducting a gap analysis assists in the identification of flaws and dangers inside a company's security program. Organizations may remain one step ahead of possible attackers and strengthen their defenses by performing systematic gap analyses and keeping track of the results.
However, gap analysis is only the first step. To protect enterprises from ransomware, they must adopt a complete cybersecurity program. This involves setting up firewalls, anti-virus software, and intrusion detection systems and keeping them updated. In addition, it entails training staff on spotting and clearing phishing emails and harmful websites, adopting solid passwords and limiting access to critical data.
Deploying Penetration Testing
Penetration testing is an essential component of a comprehensive risk management approach. This entails simulating a cyber assault on a company's systems to find vulnerabilities and flaws that hackers may exploit. In this manner, a well-prepared enterprise may dramatically minimize the risk of a data breach or ransomware attack by detecting and fixing these vulnerabilities before an actual assault happens.
Establishing an Exhaustive Risk Management Security Program
Pursuing a robust cybersecurity strategy should include not just technological controls but also comprehensive policies and processes for reacting to and recovering from a security breach. This may include data backup and recovery procedures, incident response strategies, and frequent training for personnel on the best practices for data security.
Subsequently, establishing a risk management program to evaluate the probability of prospective risks and their potential severity will assist businesses in prioritizing their efforts and allocating money to the regions that pose the most significant dangers.
Training & Educating Employees
Cyber training may aid in fostering a culture of security inside an organization. By educating employees on the significance of cybersecurity and their role in securing the organization's systems and data, businesses can create a culture that values security and encourages employees to safeguard the company's assets actively. Employee cyber training reduces the likelihood of a cyber-attack by educating staff on recognizing and avoiding possible threats. This is particularly critical regarding phishing, which often focuses on fooling people into divulging vital information or clicking on dangerous links. Companies may substantially lower their chance of falling victim to a phishing attack or other cyber risk by teaching their workers how to identify such assaults.
Implementing a robust security program and performing a gap analysis and penetration testing regularly may assist a business in reducing the risk of a cybersecurity event. By proactively protecting their systems and data, companies may lessen the chance of a ransomware attack or data breach and assure their systems' continued security and integrity.
Truvantis is committed to assisting companies in protecting themselves against Cuba ransomware assaults and other cyber threats. We have the experience to protect your operations and the data they contain, whether you require assistance with implementing, testing, or administering a streamlined security program.
Contact Truvantis to enhance your risk management and cyber capabilities!
Truvantis® is a cybersecurity consulting organization providing best-in-class cybersecurity services to secure your organization's infrastructure, data, operations, and products. We specialize in helping our customers improve their cybersecurity posture by implementing, testing, auditing, and operating information security programs.