Ransomware
Cuba
First seen: 2019-12 • Status: active
Currently Active Threat
Cuba ransomware (not from Cuba) targets American hospitals and infrastructure. It uses advanced techniques.
Overview
Cuba ransomware has no relation to the country. It targets US critical infrastructure and uses sophisticated initial access.
Also Known As
COLDDRAW, Cuba Ransomware
How It Spreads
- Hancitor
- Exploitation
- Initial access brokers
What It Does
- File encryption
- Data theft
- Critical infrastructure targeting
Target Platforms
Windows
Detection Tips
- Monitor for Hancitor
- Watch critical infrastructure
MITRE ATT&CK Techniques
T1486, T1567
If You're Infected
1. Report to CISA
2. Engage incident response