Cuba

Known RaaS

Description

The Cuba ransomware operation, active since at least 2019, is a financially motivated threat group running a double-extortion scheme: it encrypts files and exfiltrates data to pressure victims into paying. It has targeted government agencies, healthcare providers, critical infrastructure, financial institutions, and manufacturing firms, primarily in the United States, Canada, and Europe. Distribution often involves the Hancitor (Chanitor) malware loader, phishing campaigns, and exploitation of vulnerabilities in public-facing services such as Microsoft Exchange. Cuba uses RSA and AES encryption, typically appends the .cuba extension to affected files, and drops ransom notes instructing victims to contact the attackers via Tor-based portals. In December 2021, the FBI reported that Cuba ransomware operators had compromised at least 49 entities in U.S. critical infrastructure sectors, stealing data and demanding multimillion-dollar ransoms.

External Analysis
https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cuba-ransomware.pdf
https://digital.nhs.uk/cyber-alerts/2021/cc-3855
https://blog.group-ib.com/hancitor-cuba-ransomware
https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3
https://id-ransomware.blogspot.com/2019/12/cuba-ransomware.html
https://lab52.io/blog/cuba-ransomware-analysis/
https://shared-public-reports.s3-eu-west-1.amazonaws.com/Cuba+Ransomware+Group+-+on+a+roll.pdf
https://unit42.paloaltonetworks.com/cuba-ransomware-tropical-scorpius/
https://www.aon.com/cyber-solutions/aon_cyber_labs/yours-truly-signed-av-driver-weaponizing-an-antivirus-driver/
https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-cuba-ransomware/
https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis
https://www.elastic.co/security-labs/cuba-ransomware-malware-analysis
https://www.fortinet.com/blog/threat-research/ransomware-roundup-gwisin-kriptor-cuba-and-more
https://www.guidepointsecurity.com/blog/using-hindsight-to-close-a-cuba-cold-case/
https://www.ic3.gov/Media/News/2021/211203-2.pdf
https://www.it-connect.fr/le-ransomware-cuba-sen-prend-aux-serveurs-exchange/
https://www.mandiant.com/resources/unc2596-cuba-ransomware
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-threat-report-a-quick-primer-on-cuba-ransomware
https://www.trendmicro.com/en_us/research/22/f/cuba-ransomware-group-s-new-variant-found-using-optimized-infect.html
Ransom notes (1)

Tox
37790E2D198DFD20C9D2887D4EF7C3E2951BB84248D192689B64DCCA3C8BD808A1895676B271
Urls (2)

Url                                                                      Status  Uptime 30d
http://cuba4mp6ximo2zlo.onion                                            Down    0%
http://cuba4ikm4jakjgmkezytyawtdgr2xymvy6nvzgw5cglswg3si76icnqd.onion/   Down    0%
File servers (2)

Url                                                                      Status  Uptime 30d
http://i34gbmo5rxx3bxc4yl7f4erkyo2oldwavhpdragnjjvhni6fwvptp2id.onion     Down    0%
https://kcfgfs7cclscxloy3bf2xtwnayimawtzrbfirfbvl47xt7n2brfiizyd.onion/  Down    0%
Activity: 105 posts

Posts (105)

Title (with description where the page shows one)
dms-imaging
deknudtframes.be
diagnostechs
portadelaidefc
panaya
prime-art
Newconcepttech
mountstmarys
co.rock.wi.us
goldmedalbakery
hydrex.co.uk
txmplant.co.uk
gis4.addison-il
Inquirer
Vdi
2networkit
Sae-a
pu.edu.lb
Gihealthcare
cuba4ikm4jakjgmkezytyawtdgr2xymvy6nvzgw5cglswg3si76icnqd.onion
learning_resources
usairports
first_coast_logistics_services: First Coast Logistics Services, Inc. was founded in 1999. The Company's line of business i
e.h._wachs_pipe_cutters
datamatics: Datamatics is a technology company that builds intelligent solutions enabling data-driven
the_rose_executive_team: Rose Associates Mission Statement
afts: AFTS supplies the preeminent Payment Processing, IRS 1031 Exchange, Data Processing, Invoi
otrcapital: OTR Capital believes in simple and straightforward transactions, without hidden costs and
forefront_dermatology
innovairre
megaforce
gascaribe
quercus
blackhawk
lycra
technicote
berding-weil
nwdusa
creditriskmonitor
linkmfg
axley
schultheis-ins
meriplex
ohagin
landofrost
ncmutuallife2
get-integrated
trant.co.uk
bcintlgroup.com
stm.com.tw
site-technology_
Skupstina
Ginspectionservices
Murphyfamilyventures
Ville-chaville
Dialogsas
bfw
waltersandwolf
Patton
Boss-inc
Landaumedia
Generator-power
company
ginspectionservices
skupstina
site-technology
stm-com-tw
r1group
etron
upskwt
fronteousa
prophoenix
metrobrokers
tavistock
metagenics
trant-co-uk
bcintlgroup-com
haltonhills
powertech
ids97
muntons
heritage-encon
cmmcpas
shoesforcrews
edgo
mtlcraft
superfund
fdcbuilding
cle
strongwell
sonomatic-2
regulvar
delinebox
squamish: The Squamish Nation is comprised of descendants of the Coast Salish Aboriginal peoples who
bakertilly
sonomatic
atlasdie
ncmutuallife
lahebert