The Federal Bureau of Investigation (FBI) has released an alert regarding the "Cuba" ransomware, which has compromised 49 critical infrastructure organizations across five sectors.
The Cuba ransomware group uses Hancitor malware, a loader that drops or executes stealers such as remote access trojans (RATs) onto targeted networks. Organizations compromised by the ransomware span sectors including healthcare, finance, information technology, manufacturing and government.
The FBI found that Cuba ransomware actors exploited legitimate Windows service, including PowerShell, PsExec and others, to gain Windows Admin access to networks and launch cyberattacks.
To date, the cyber actors behind Cuba ransomware have received over $43 million in ransom payments.