Attackers using the ransomware 'Cuba' turn out to have received 5 billion yen or more in ransom

An FBI report reveals that cybercriminals using the ransomware Cuba attacked U.S. infrastructure and earned a total of more than $43.9 million in ransom in 2021 alone.

Indicators of Compromise Associated with Cuba Ransomware
(PDF file)

FBI says the Cuba ransomware gang made $43.9 million from ransom payments - The Record by Recorded Future

Cybercriminals using Cuba have targeted 49 American organizations involved in finance, government, medical care, manufacturing, and information technology. The attackers demanded a total of $74 million in ransom, of which at least $43.9 million was actually paid, the FBI said.

According to tech media The Record, cybercriminals using Cuba launched a website around January 2021 and have been threatening attacked victims that the confidential files they obtained will be made public unless the ransom is paid.

According to the FBI, the attackers used phishing emails and vulnerabilities in Microsoft Exchange to install the malware 'Hancitor' on the targeted system and then deployed Cuba onto the system via Hancitor. The FBI is asking victims to provide information that will help catch the criminals, such as communication logs, the attackers' bitcoin wallet information, and encrypted file samples.

The FBI also said, 'We do not recommend paying the ransom. Even if you pay the ransom, the encrypted file will not be recovered,' and 'If you are hit by a ransomware attack, please contact the authorities immediately, whether or not you pay the ransom.'

in Security, Posted by log1o_hf