cuba
1 incidents
1 countries
0 sectors
ransomware RU Latest: 2026-06-25
Aliases: Tropical Scorpius, Fidel, COLDDRAW
Cuba is a financially motivated ransomware-as-a-service (RaaS) operation that first emerged in December 2019. Despite its name, the group has no known ties to the Republic of Cuba and is strongly assessed to be of Russian origin, indicated by language artifacts and its ransomware's self-termination on systems with Russian language settings. The group employs a double extortion model, encrypting victim data and threatening to publicly leak exfiltrated sensitive information if ransom demands are not met. By August 2022, Cuba had reportedly compromised over 100 entities worldwide, demanding more than $145 million and receiving approximately $60 million in ransom payments. The group continuously evolves its tactics, techniques, and procedures, operating under various aliases including ColdDraw, Tropical Scorpius, and Fidel.
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
United Arab Emirates
Argentina
American Samoa
Austria
Australia
Azerbaijan
Belgium
Brazil
Canada
Switzerland
Target sectors (SOCRadar)
Construction of Buildings
Food Manufacturing
Other Information Services
Monetary Authorities-Central Bank
Credit Unions
Software Publishers
Real Estate
Hospitals
Accommodation
Air Transportation
New URLs detected in IntelTracker