{"id":6720,"date":"2021-12-03T16:29:45","date_gmt":"2021-12-03T07:29:45","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=6720"},"modified":"2022-06-10T16:52:22","modified_gmt":"2022-06-10T07:52:22","slug":"fbi-releases-flash-alert-against-the-cuba-ransomware-gang","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/fbi-releases-flash-alert-against-the-cuba-ransomware-gang\/","title":{"rendered":"FBI releases flash alert against the Cuba ransomware gang"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"6720\" class=\"elementor elementor-6720\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fefccc7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fefccc7\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7ed080e\" data-id=\"7ed080e\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a54f784 elementor-widget elementor-widget-text-editor\" data-id=\"a54f784\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>On Thursday 2<sup>nd<\/sup> of December 2021, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE flash alert which revealed the Cuba ransomware gang have compromised at least 49 organizations in five critical infrastructure sectors, including the financial, government, healthcare, manufacturing, and information technology sectors. 
The FBI also revealed that the Cuba ransomware variant is commonly distributed through the Hancitor malware, a loader known for dropping and executing other malware and tools used by the threat actors. The threat actors behind Hancitor use phishing emails, Microsoft Exchange vulnerabilities, compromised credentials, or legitimate Remote Desktop Protocol (RDP) tools to gain initial access to a victim\u2019s network. Once inside, the Cuba ransomware gang use legitimate Windows services, such as PowerShell and PsExec, and then leverage Windows Admin privileges to execute their ransomware and other processes remotely, which lets the activity blend in with routine administration.<\/p><p>This flash alert was released in coordination with the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide key cyber threat information that helps security professionals and organizations detect and counter ransomware attacks by the Cuba ransomware gang. According to the alert, the Cuba ransomware gang have demanded at least $74 million and received at least $43.9 million in ransom payments.<\/p><p>In the alert, the FBI asked that any information related to the Cuba ransomware gang and their activities be shared with the Bureau. Such information can include \u201cboundary logs showing communication to and from foreign IP addresses, Bitcoin wallet information, the decryptor file, and\/or a benign sample of an encrypted file.\u201d<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On Thursday 2nd of December 2021, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE flash alert which revealed the Cuba ransomware gang have compromised at least 49 organizations in five critical infrastructure sectors, including the financial, government, healthcare, manufacturing, and information technology sectors. 
The FBI also revealed that the Cuba ransomware variant is commonly distributed through<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":6726,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[220,6,10,12,9,2,7,1],"tags":[],"class_list":["post-6720","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-government-advisory","category-latest_news","category-latest_vulnerabilities","category-read_article","category-ransomware_criminals","category-ce_news","category-by_country","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2022\/06\/cyenso8.jpg?fit=1379%2C913&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6720"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=6720"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6720\/revisions"}],"predecessor-version":[{"id":6730,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6720\/revisions\/6730"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/6726"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=6720"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=6720"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=6720"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}