Cuba ransomware, also known as Fidel, was first discovered in late 2019 and rose to prominence in 2022. Cuba’s impact doubled year-over-year, compromising hundreds of victims; in 2022, it collected more than $60 million in ransom, prompting CISA and the FBI to issue flash alerts. Cuba ransomware’s official Tor (.onion) website features a Cuban nationalist theme, despite intelligence pointing to the group’s Russian membership: its communications contain typical Russian misspellings. Cuba ransomware is affiliated with the small but disproportionately high-impact threat actors RomCom and Industrial Spy.
Cuba’s use of standard commercial software packing techniques is considered less sophisticated than the techniques seen in state-sponsored malware, indicating that Cuba is likely the product of a small but talented group of profit-seeking individuals. “Packing” refers to compressing software and its required libraries into a single binary executable that is difficult to reverse-engineer and difficult for antivirus scanners to detect.
© ALL RIGHTS RESERVED TO DarkFeed 2023