The Cuba Ransomware, also known as Colddraw Ransomware, was first identified in the threat landscape in 2019 and built a relatively small but selected list of victims. The group is also known as Fidel Ransomware, due to a characteristic marker placed at the beginning of all encrypted files. This file marker is used as an indicator for the ransomware and its decoder that the file has been encrypted.
Despite its name and the Cuban nationalist style on its leak site, it is difficult to assert any connection or affiliation with the Republic of Cuba. The group has been linked to a Russian-language threat actor by Profero researchers due to some details of incorrect translation they discovered, as well as the discovery of a 404 page containing text in Russian on the threat actor's own leak site.
According to BlackBerry, based on the analysis of the code strings used in the campaign analyzed in 2023, there were indications that the developer behind the Cuba ransomware speaks Russian.
The ransomware operators use a double extortion approach, and following the USA, in August 2022, it was believed that the Cuba ransomware group had compromised 101 entities, demanding $145 million in ransom payments and receiving up to $60 million.
The group used a similar set of TTPs, with only a slight change each year, as they generally consist of LOLBins (executables that are part of the operating system and can be exploited to support an attack), exploits, off-the-shelf and custom malware, as well as intrusion tools like Cobalt Strike and Metasploit.
In 2022, the group allegedly developed a relationship with operators of the Industrial Spy market, using their platform as a means of data leakage.
Source: https://github.com/crocodyli/ThreatActors-TTPs
dms-imaging
Discovery Date: 2024-02-01 16:34
Estimated Attack Date: 2024-02-01
DMS is a French industrial company specialized in digital radiology, with an international reach, and recognized as a key actor and an indispensable partner in creating value through the quality of our solutions as well as our...
deknudtframes.be
Discovery Date: 2024-01-22 10:22
Estimated Attack Date: 2024-01-18
Our teamOur team in Deerlijk consists of enthusiastic and motivated people with passion for their profession. The management, sales, logistics, purchasing, accounting, customer service and marketing are ready for you on a daily...
diagnostechs
Discovery Date: 2023-11-14 11:26
HistoryEstablished in 1987, DiagnosTechs was the first laboratory to introduce saliva hormone testing into routine clinical practice. In 1995, DiagnosTechs added saliva and stool-based gastrointestinal and food sensitivity testing,...
portadelaidefc
Discovery Date: 2023-11-13 18:57
PORT ADELAIDE is renowned for setting the bar high and expecting success, and the club’s latest strategic vision embraces that expectation.Unveiled at the club’s Annual General Meeting on Friday night, Chasing Greatness is...
panaya
Discovery Date: 2023-11-07 08:33
About PANAYAPanaya’s Change Intelligence solutions reduce the time, cost, and risk involved in change to business applications like SAP®, Oracle® EBS, and Salesforce.com. Date the files were received: 02...
prime-art
Discovery Date: 2023-11-07 08:33
For PAJ, your success is our success.Jewelry making is an art and a science. We are constantly improving and optimizing our skills while integrating cutting-edge technology.By always delivering a troy grain more than anticipated, we...
Newconcepttech
Discovery Date: 2023-10-23 19:06
FROM A SINGLE START-UP TO A MULTI-MILLION DOLLAR COMPANYOur prosperity is due to three interlocking factors: the first, being our customers, who have always come first.The second, our employees, who are passionate about serving our...
mountstmarys
Discovery Date: 2023-10-10 11:37
Mount St Mary’s is rightly proud of its extensive heritage dating back over 160 years. The original vision to educate all young people in the local area remains at the core of our work. Our mission is to ensure individual...
co.rock.wi.us
Discovery Date: 2023-10-03 10:03
Estimated Attack Date: 2023-09-29
Rock County Public Health DepartmentThe Rock County Public Health Department (RCPHD) is a level III health department in Rock County, Wisconsin. Our staff serves over 160,000 people in more than 25 cities, villages, and towns. As a...
goldmedalbakery
Discovery Date: 2023-08-19 16:02
Gold Medal Bakery aspires to follow three core values in every aspect of its business.Integrity: Gold Medal has built its reputation on meeting the needs of our customers and the millions of consumers they serve. Thus, integrity is...
hydrex.co.uk
Discovery Date: 2023-07-31 12:54
Established in 1985, with 13 depots and one support centre nationwide, Hydrex is one of the largest suppliers of outsourced mobile plant solutions in the UK.Hydrex has a fleet totaling over 1200 machines. The company has invested in...
txmplant.co.uk
Discovery Date: 2023-07-31 12:54
At TXM Plant we know that the services we provide are critical to the success of our customers’ projects. That’s why we put the customer at the centre of everything that we do.Awarded ‘Gold’ standard in Network...
gis4.addison-il
Discovery Date: 2023-07-11 08:51
More than 36,000 people call the Village of Addison home. Whether you are new to our community, or have lived here for years, we want you to get acquainted with our community. We also want to make it easy for you to stay...
Inquirer
Discovery Date: 2023-05-23 08:52
Estimated Attack Date: 2023-05-14
About The Philadelphia Inquirer, PBCSince 1829, The Philadelphia Inquirer has been “asking on behalf of the people” of Philadelphia and the region by providing essential journalism. Locally owned and headquartered in...
Vdi
Discovery Date: 2023-05-10 13:47
Užtikrindami oruma darbe mes užtikriname ir pamatines žmogaus teisesValstybines darbo inspekcijos (VDI) misija – orus darbas. Spalio 7-aja minint Diena už oru darba VDI primena, kad tarpusavio pagarba ir saugumas darbe saugo...
Gihealthcare
Discovery Date: 2023-05-04 08:49
Your health is our top priority. We specialize in digestive system care and will guide you through every step – whether it’s a routine colon screening, major liver or pancreas issue, or a weight loss journey. With three...
pu.edu.lb
Discovery Date: 2022-12-27 12:31
Phoenicia University (PU) is a non-profit, private, and nonsectarian officially licensed institution of higher education. The University comprises six colleges: Architecture and Design, Arts and Sciences, Business, Engineering, Law...
Sae-a
Discovery Date: 2022-12-20 13:10
From yarn-production through its fabric mills that draw on in new innovation and technology, to retail operations in Korea, SAE-A has become one of the few apparel manufacturers capable of achieving complete vertical-integration of...
2networkit
Discovery Date: 2022-12-12 09:25
Landaumedia
Discovery Date: 2022-12-01 14:25
Generator-power
Discovery Date: 2022-12-01 14:25
Boss-inc
Discovery Date: 2022-12-01 14:25
Patton
Discovery Date: 2022-11-30 14:30
Pmc-group
Discovery Date: 2022-11-24 15:03
waltersandwolf
Discovery Date: 2022-11-09 09:26
bfw
Discovery Date: 2022-11-04 17:45
Ville-chaville
Discovery Date: 2022-11-04 17:45
Murphyfamilyventures
Discovery Date: 2022-11-04 17:45
Ginspectionservices
Discovery Date: 2022-11-04 17:45
Dialogsas
Discovery Date: 2022-11-04 17:45
usairports
Discovery Date: 2022-11-04 10:19
trant.co.uk
Discovery Date: 2022-11-04 10:19
the_rose_executive_team
Discovery Date: 2022-11-04 10:19
technicote
Discovery Date: 2022-11-04 10:19
stm.com.tw
Discovery Date: 2022-11-04 10:19
site-technology_
Discovery Date: 2022-11-04 10:19
schultheis-ins
Discovery Date: 2022-11-04 10:19
quercus
Discovery Date: 2022-11-04 10:19
otrcapital
Discovery Date: 2022-11-04 10:19
ohagin
Discovery Date: 2022-11-04 10:19
nwdusa
Discovery Date: 2022-11-04 10:19
ncmutuallife2
Discovery Date: 2022-11-04 10:19
meriplex
Discovery Date: 2022-11-04 10:19
megaforce
Discovery Date: 2022-11-04 10:19
lycra
Discovery Date: 2022-11-04 10:19
linkmfg
Discovery Date: 2022-11-04 10:19
learning_resources
Discovery Date: 2022-11-04 10:19
landofrost
Discovery Date: 2022-11-04 10:19
innovairre
Discovery Date: 2022-11-04 10:19
get-integrated
Discovery Date: 2022-11-04 10:19
gascaribe
Discovery Date: 2022-11-04 10:19
forefront_dermatology
Discovery Date: 2022-11-04 10:19
first_coast_logistics_services
Discovery Date: 2022-11-04 10:19
e.h._wachs_pipe_cutters
Discovery Date: 2022-11-04 10:19
datamatics
Discovery Date: 2022-11-04 10:19
creditriskmonitor
Discovery Date: 2022-11-04 10:19
blackhawk
Discovery Date: 2022-11-04 10:19
berding-weil
Discovery Date: 2022-11-04 10:19
bcintlgroup.com
Discovery Date: 2022-11-04 10:19
axley
Discovery Date: 2022-11-04 10:19
afts
Discovery Date: 2022-11-04 10:19
Skupstina
Discovery Date: 2022-11-04 10:19
ginspectionservices
Discovery Date: 2022-09-27 11:11
skupstina
Discovery Date: 2022-08-30 12:51
site-technology
Discovery Date: 2022-07-21 12:57
stm-com-tw
Discovery Date: 2022-07-07 10:24
r1group
Discovery Date: 2022-06-27 11:53
etron
Discovery Date: 2022-06-13 18:03
upskwt
Discovery Date: 2022-05-17 15:30
fronteousa
Discovery Date: 2022-05-16 10:29
prophoenix
Discovery Date: 2022-04-22 15:27
metrobrokers
Discovery Date: 2022-04-22 14:38
tavistock
Discovery Date: 2022-04-12 09:24
metagenics
Discovery Date: 2022-04-08 11:20
bcintlgroup-com
Discovery Date: 2022-03-30 10:20
trant-co-uk
Discovery Date: 2022-03-30 08:23
haltonhills
Discovery Date: 2022-03-23 18:27
powertech
Discovery Date: 2022-03-23 10:33
ids97
Discovery Date: 2022-02-25 17:30
muntons
Discovery Date: 2022-02-18 18:25
heritage-encon
Discovery Date: 2022-02-18 18:25
shoesforcrews
Discovery Date: 2022-02-04 09:20
edgo
Discovery Date: 2022-02-04 09:20
cmmcpas
Discovery Date: 2022-02-04 09:20
mtlcraft
Discovery Date: 2022-01-25 08:29
superfund
Discovery Date: 2022-01-13 13:27
fdcbuilding
Discovery Date: 2022-01-13 09:22
strongwell
Discovery Date: 2022-01-10 10:22
sonomatic-2
Discovery Date: 2022-01-10 10:22
regulvar
Discovery Date: 2022-01-10 10:22
delinebox
Discovery Date: 2022-01-10 10:22
cle
Discovery Date: 2022-01-10 10:22
squamish
Discovery Date: 2021-12-30 01:51
sonomatic
Discovery Date: 2021-12-30 01:51
ncmutuallife
Discovery Date: 2021-12-30 01:51
lahebert
Discovery Date: 2021-12-30 01:51
bakertilly
Discovery Date: 2021-12-30 01:51
atlasdie
Discovery Date: 2021-12-30 01:51
The Squamish Nation is comprised of descendants of the Coast Salish Aboriginal peoples who
Discovery Date: 2021-09-09 23:46
First Coast Logistics Services, Inc. was founded in 1999. The Company's line of business i
Discovery Date: 2021-09-09 23:46
Datamatics is a technology company that builds intelligent solutions enabling data-driven
Discovery Date: 2021-09-09 23:46
Rose Associates Mission Statement
Discovery Date: 2021-09-09 23:46
AFTS supplies the preeminent Payment Processing, IRS 1031 Exchange, Data Processing, Invoi
Discovery Date: 2021-09-09 23:46
OTR Capital believes in simple and straightforward transactions, without hidden costs and
Discovery Date: 2021-09-09 23:46
Automatic Funds Transfer Services Inc. (vendor to city of Bainbridge Island)
Discovery Date: 2021-02-03 00:00
