CyberWire Daily - CISA Alert AA22-335A – #StopRansomware: Cuba Ransomware [CISA Cybersecurity Alerts]
Episode Date: December 7, 2022The FBI and CISA are releasing this alert to disseminate known Cuba Ransomware Group indicators of compromise and TTPs identified through FBI investigations. FBI and CISA would like to thank BlackBerr...y, ESET, The National Cyber-Forensics and Training Alliance (NCFTA), and Palo Alto Networks for their contributions to this CSA. AA22-335A Alert, Technical Details, and Mitigations For a downloadable copy of IOCs, see AA22-335A.stix Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered 5th, 2022.
CISA and FBI are releasing this joint advisory to disseminate known Cuba ransomware IOCs and TTPs associated with Cuba ransomware actors identified through FBI investigations, third-party reporting, and open-source reporting.
This advisory updates the December 2021 FBI flash, indicators of compromise associated with Cuba ransomware.
While this ransomware is known by industry as Cuba ransomware,
there is no indication Cuba ransomware actors have any connection or affiliation with the Republic of Cuba.
Since the release of the December 2021 FBI flash,
the number of U.S. entities compromised by Cuba ransomware has doubled.
As of August 2022, FBI entities compromised by Cuba ransomware has doubled. As of August 2022,
FBI has identified that Cuba ransomware actors have compromised over 100 entities worldwide and demanded over 145 million U.S. dollars and received over 60 million U.S. dollars in ransom
payments. This year, Cuba ransomware actors have added to their TTPs and third-party and
open-source reports have identified a possible link between Cuba ransomware actors, rom-com remote-access Trojan actors, and industrial spy ransomware actors.
FBI and CISA encourage organizations to implement the recommendations in the mitigation section of this alert to reduce the likelihood and impact of Cuba ransomware and other ransomware operations.
and impact of Cuba ransomware and other ransomware operations.
The alert documentation linked in the show notes includes known exploited vulnerabilities,
indicators of compromise, TTPs, and mitigation actions.
Victims of ransomware operations should report the incident
to their local FBI field office or CISA.
To report incidents and anomalous activity
or to request incident response resources or technical assistance,
contact CISA at report at cisa.gov or call 888-282-0870
or report incidents to your local FBI field office.
This report was written by CISA,
the United States Cybersecurity and Infrastructure Security Agency,
and edited and adapted for audio by the Cyber Wire as a public service.
Please visit www.cisa.gov to read the full report, which may include additional details, links, and illustrations. This has been a CISA Cybersecurity Alert.