The Cuba ransomware, active since early 2020, is now being distributed through the Hancitor malware, according to a report released today by Group-IB. Hancitor is a loader-type malware that has been known to drop stealers, RATs and even other ransomware recently. Cuba ransomware operates a leak site for stolen data, much like the other, better-known ransom groups. The Group-IB report mentions nine victims listed as of April 28th, so the actors behind the ransomware may be hoping to increase their infection rate through this new partnership with Hancitor. Like many other ransomware groups, the actors behind Cuba appear to be using Cobalt Strike and PsExec before deploying the actual ransomware payload.