Best Top Reviews Online

Cuba Ransomware Demanded Over $60 Million In Ransom Fees From Over 100 Organizations

As of August 2022, the threat actors behind the Cuba (aka COLDDRAW) ransomware have received over $60 million in ransom payments and compromised over 100 entities worldwide.

In a new advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) noted “a sharp increase in both the number of compromised U.S. entities and ransom amounts.”

The ransomware crew, also known as Tropical Scorpius, has been observed targeting financial services, government facilities, healthcare, critical manufacturing, and IT sectors while expanding its tactics to gain initial access and interact with compromised networks.

Despite the name “Cuba,” there is no evidence that the actors have any connection or affiliation with the island nation.

The attacks begin with the exploitation of known security vulnerabilities, phishing, compromised credentials, and legitimate remote desktop protocol (RDP) tools, followed by the distribution of ransomware through Hancitor (aka Chanitor).

Some of the flaws Cuba has incorporated into its arsenal are as follows:

  • CVE-2022-24521 (CVSS score: 7.8) – A privilege escalation flaw in the Windows Common Log File System (CLFS) driver
  • CVE-2020-1472 (CVSS score: 10.0) – A privilege elevation flaw in the Netlogon remote protocol (aka ZeroLogon)

“In addition to deploying ransomware, the actors have used ‘double extortion’ techniques,” according to CISA. “They exfiltrate victim data, (1) demand a ransom payment to decrypt it, and (2) threaten to publicly release it if a ransom payment is not made.”

Recent findings from BlackBerry and Palo Alto Networks Unit 42 suggest that Cuba has ties to the operators of RomCom RAT and another ransomware family known as Industrial Spy.

The RomCom RAT is disseminated via trojanized versions of legitimate software such as SolarWinds Network Performance Monitor, KeePass, PDF Reader Pro, Advanced IP Scanner, pdfFiller, and Veeam Backup & Replication, hosted on imposter websites that resemble the real thing.

The advisory from CISA and the FBI is the most recent in a series of alerts the agencies have issued regarding various ransomware strains, including MedusaLocker, Zeppelin, Vice Society, Daixin Team, and Hive.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.
