The Cuba Ransomware, also known as Colddraw Ransomware, was first identified in the threat landscape in 2019 and has built a relatively small but select list of victims. The group is also known as Fidel Ransomware, due to a characteristic marker placed at the beginning of all encrypted files. This file marker indicates to the ransomware and its decoder that the file has been encrypted.
Despite its name and the Cuban nationalist style of its leak site, it is difficult to assert any connection or affiliation with the Republic of Cuba. Profero researchers have linked the group to a Russian-language threat actor, based on mistranslations they discovered and on a 404 page containing Russian text on the threat actor's own leak site.
According to BlackBerry, based on the analysis of the code strings used in the campaign analyzed in 2023, there were indications that the developer behind the Cuba ransomware speaks Russian.
The ransomware operators use a double extortion approach. According to the USA, in August 2022 it was believed that the Cuba ransomware group had compromised 101 entities, demanding $145 million in ransom payments and receiving up to $60 million.
The group has used a similar set of TTPs, with only slight changes each year. These generally consist of LOLBins (executables that are part of the operating system and can be exploited to support an attack), exploits, off-the-shelf and custom malware, as well as intrusion tools like Cobalt Strike and Metasploit.
In 2022, the group allegedly developed a relationship with operators of the Industrial Spy market, using their platform as a means of data leakage.
Source: https://github.com/crocodyli/ThreatActors-TTPs
Victims (103)
dms-imaging
FR
Healthcare
Discovered: Feb 1, 2024 · Attack est.: Jan 31, 2024
DMS is a French industrial company specialized in digital radiology, with an international reach, and recognized as a key actor and an indispensable partner in creating value through the quality...
deknudtframes.be
BE
Manufacturing
Discovered: Jan 22, 2024 · Attack est.: Jan 18, 2024
Our team: Our team in Deerlijk consists of enthusiastic and motivated people with passion for their profession. The management, sales, logistics, purchasing, accounting, customer service and marketing are ready for you...
diagnostechs
Healthcare
Discovered: Nov 14, 2023 · Attack est.: Nov 14, 2023
History: Established in 1987, DiagnosTechs was the first laboratory to introduce saliva hormone testing into routine clinical practice. In 1995, DiagnosTechs added saliva and stool-based gastrointestinal and food sensitivity testing,...
portadelaidefc
AU
Consumer Services
Discovered: Nov 13, 2023 · Attack est.: Nov 13, 2023
PORT ADELAIDE is renowned for setting the bar high and expecting success, and the club’s latest strategic vision embraces that expectation. Unveiled at the club’s Annual General Meeting on Friday night,...
panaya
Technology
Discovered: Nov 7, 2023 · Attack est.: Nov 7, 2023
About PANAYA: Panaya’s Change Intelligence solutions reduce the time, cost, and risk involved in change to business applications like SAP®, Oracle® EBS, and Salesforce.com. Date the files were received: 02...
prime-art
Consumer Services
Discovered: Nov 7, 2023 · Attack est.: Nov 7, 2023
For PAJ, your success is our success. Jewelry making is an art and a science. We are constantly improving and optimizing our skills while integrating cutting-edge technology. By always delivering a troy...
Newconcepttech
Technology
Discovered: Oct 23, 2023 · Attack est.: Oct 23, 2023
FROM A SINGLE START-UP TO A MULTI-MILLION DOLLAR COMPANY: Our prosperity is due to three interlocking factors: the first, being our customers, who have always come first. The second, our employees, who...
mountstmarys
Education
Discovered: Oct 10, 2023 · Attack est.: Oct 10, 2023
Mount St Mary’s is rightly proud of its extensive heritage dating back over 160 years. The original vision to educate all young people in the local area remains at the...
co.rock.wi.us
US
Public Sector
Discovered: Oct 3, 2023 · Attack est.: Sep 28, 2023
Rock County Public Health Department: The Rock County Public Health Department (RCPHD) is a level III health department in Rock County, Wisconsin. Our staff serves over 160,000 people in more than...
goldmedalbakery
Agriculture and Food Production
Discovered: Aug 19, 2023 · Attack est.: Aug 19, 2023
Gold Medal Bakery aspires to follow three core values in every aspect of its business. Integrity: Gold Medal has built its reputation on meeting the needs of our customers and the...
hydrex.co.uk
GB
Construction
Discovered: Jul 31, 2023 · Attack est.: Jul 31, 2023
Established in 1985, with 13 depots and one support centre nationwide, Hydrex is one of the largest suppliers of outsourced mobile plant solutions in the UK. Hydrex has a fleet totaling...
txmplant.co.uk
GB
Construction
Discovered: Jul 31, 2023 · Attack est.: Jul 31, 2023
At TXM Plant we know that the services we provide are critical to the success of our customers’ projects. That’s why we put the customer at the centre of everything...
gis4.addison-il
Public Sector
Discovered: Jul 11, 2023 · Attack est.: Jul 11, 2023
More than 36,000 people call the Village of Addison home. Whether you are new to our community, or have lived here for years, we want you to get acquainted with...
Inquirer
Consumer Services
Discovered: May 23, 2023 · Attack est.: May 13, 2023
About The Philadelphia Inquirer, PBC: Since 1829, The Philadelphia Inquirer has been “asking on behalf of the people” of Philadelphia and the region by providing essential journalism. Locally owned and headquartered...
Vdi
LT
Public Sector
Discovered: May 10, 2023 · Attack est.: May 10, 2023
By ensuring dignity at work, we also ensure fundamental human rights. The mission of the State Labour Inspectorate (VDI) is decent work. On October 7, marking the Day for Decent Work, the VDI reminds that mutual respect and safety...
Gihealthcare
Healthcare
Discovered: May 4, 2023 · Attack est.: May 4, 2023
Your health is our top priority. We specialize in digestive system care and will guide you through every step – whether it’s a routine colon screening, major liver or pancreas...
pu.edu.lb
Education
Discovered: Dec 27, 2022 · Attack est.: Dec 27, 2022
Phoenicia University (PU) is a non-profit, private, and nonsectarian officially licensed institution of higher education. The University comprises six colleges: Architecture and Design, Arts and Sciences, Business, Engineering, Law...
Sae-a
Manufacturing
Discovered: Dec 20, 2022 · Attack est.: Dec 20, 2022
From yarn-production through its fabric mills that draw on in new innovation and technology, to retail operations in Korea, SAE-A has become one of the few apparel manufacturers capable of...
2networkit
Technology
Discovered: Dec 12, 2022 · Attack est.: Dec 12, 2022
Landaumedia
Business Services
Discovered: Dec 1, 2022 · Attack est.: Dec 1, 2022
Generator-power
Energy
Discovered: Dec 1, 2022 · Attack est.: Dec 1, 2022
Boss-inc
Manufacturing
Discovered: Dec 1, 2022 · Attack est.: Dec 1, 2022
Patton
Discovered: Nov 30, 2022 · Attack est.: Nov 30, 2022
Pmc-group
Manufacturing
Discovered: Nov 24, 2022 · Attack est.: Nov 24, 2022
waltersandwolf
Construction
Discovered: Nov 9, 2022 · Attack est.: Nov 9, 2022
bfw
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
Ville-chaville
Public Sector
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
Murphyfamilyventures
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
Dialogsas
Business Services
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
usairports
Transportation/Logistics
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
trant.co.uk
GB
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
the_rose_executive_team
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
technicote
Technology
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
stm.com.tw
TW
Manufacturing
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
site-technology_
Technology
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
schultheis-ins
Financial Services
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
quercus
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
otrcapital
Financial Services
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
ohagin
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
nwdusa
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
ncmutuallife2
Financial Services
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
meriplex
Business Services
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
megaforce
Transportation/Logistics
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
lycra
Manufacturing
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
linkmfg
Manufacturing
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
learning_resources
Education
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
landofrost
Agriculture and Food Production
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
innovairre
Technology
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
get-integrated
Business Services
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
gascaribe
Energy
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
forefront_dermatology
Healthcare
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
first_coast_logistics_services
Transportation/Logistics
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
e.h._wachs_pipe_cutters
Manufacturing
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
datamatics
Business Services
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
creditriskmonitor
Financial Services
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
blackhawk
Manufacturing
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
berding-weil
Manufacturing
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
bcintlgroup.com
Business Services
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
axley
Business Services
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
afts
Manufacturing
Discovered: Nov 4, 2022 · Attack est.: Nov 4, 2022
ginspectionservices
Business Services
Discovered: Sep 27, 2022 · Attack est.: Sep 27, 2022
skupstina
Public Sector
Discovered: Aug 30, 2022 · Attack est.: Aug 30, 2022
site-technology
Technology
Discovered: Jul 21, 2022 · Attack est.: Jul 21, 2022
stm-com-tw
Discovered: Jul 7, 2022 · Attack est.: Jul 7, 2022
r1group
Discovered: Jun 27, 2022 · Attack est.: Jun 27, 2022
etron
Technology
Discovered: Jun 13, 2022 · Attack est.: Jun 13, 2022
upskwt
Discovered: May 17, 2022 · Attack est.: May 17, 2022
fronteousa
Business Services
Discovered: May 16, 2022 · Attack est.: May 16, 2022
prophoenix
Technology
Discovered: Apr 22, 2022 · Attack est.: Apr 22, 2022
metrobrokers
Financial Services
Discovered: Apr 22, 2022 · Attack est.: Apr 22, 2022
tavistock
Healthcare
Discovered: Apr 12, 2022 · Attack est.: Apr 12, 2022
metagenics
Healthcare
Discovered: Apr 8, 2022 · Attack est.: Apr 8, 2022
bcintlgroup-com
Discovered: Mar 30, 2022 · Attack est.: Mar 30, 2022
trant-co-uk
Discovered: Mar 30, 2022 · Attack est.: Mar 30, 2022
haltonhills
Public Sector
Discovered: Mar 23, 2022 · Attack est.: Mar 23, 2022
powertech
Energy
Discovered: Mar 23, 2022 · Attack est.: Mar 23, 2022
ids97
Discovered: Feb 25, 2022 · Attack est.: Feb 25, 2022
muntons
Agriculture and Food Production
Discovered: Feb 18, 2022 · Attack est.: Feb 18, 2022
heritage-encon
Construction
Discovered: Feb 18, 2022 · Attack est.: Feb 18, 2022
shoesforcrews
Consumer Services
Discovered: Feb 4, 2022 · Attack est.: Feb 4, 2022
edgo
Transportation/Logistics
Discovered: Feb 4, 2022 · Attack est.: Feb 4, 2022
cmmcpas
Financial Services
Discovered: Feb 4, 2022 · Attack est.: Feb 4, 2022
mtlcraft
Manufacturing
Discovered: Jan 25, 2022 · Attack est.: Jan 25, 2022
superfund
Discovered: Jan 13, 2022 · Attack est.: Jan 13, 2022
fdcbuilding
Construction
Discovered: Jan 13, 2022 · Attack est.: Jan 13, 2022
strongwell
Manufacturing
Discovered: Jan 10, 2022 · Attack est.: Jan 10, 2022
sonomatic-2
Discovered: Jan 10, 2022 · Attack est.: Jan 10, 2022
regulvar
Discovered: Jan 10, 2022 · Attack est.: Jan 10, 2022
delinebox
Discovered: Jan 10, 2022 · Attack est.: Jan 10, 2022
cle
Discovered: Jan 10, 2022 · Attack est.: Jan 10, 2022
squamish
Discovered: Dec 29, 2021 · Attack est.: Dec 29, 2021
sonomatic
Technology
Discovered: Dec 29, 2021 · Attack est.: Dec 29, 2021
ncmutuallife
Financial Services
Discovered: Dec 29, 2021 · Attack est.: Dec 29, 2021
lahebert
Business Services
Discovered: Dec 29, 2021 · Attack est.: Dec 29, 2021
bakertilly
Financial Services
Discovered: Dec 29, 2021 · Attack est.: Dec 29, 2021
atlasdie
Manufacturing
Discovered: Dec 29, 2021 · Attack est.: Dec 29, 2021
The Squamish Nation is comprised of descendants of the Coast Salish Aboriginal peoples who
Public Sector
Discovered: Sep 9, 2021 · Attack est.: Sep 9, 2021
First Coast Logistics Services, Inc. was founded in 1999. The Company's line of business i
Transportation/Logistics
Discovered: Sep 9, 2021 · Attack est.: Sep 9, 2021
Datamatics is a technology company that builds intelligent solutions enabling data-driven
Technology
Discovered: Sep 9, 2021 · Attack est.: Sep 9, 2021
Rose Associates Mission Statement
Business Services
Discovered: Sep 9, 2021 · Attack est.: Sep 9, 2021
AFTS supplies the preeminent Payment Processing, IRS 1031 Exchange, Data Processing, Invoi
Financial Services
Discovered: Sep 9, 2021 · Attack est.: Sep 9, 2021
OTR Capital believes in simple and straightforward transactions, without hidden costs and
Financial Services
Discovered: Sep 9, 2021 · Attack est.: Sep 9, 2021
Automatic Funds Transfer Services Inc. (vendor to city of Bainbridge Island)
US
Financial Services
Discovered: Feb 2, 2021 · Attack est.: Feb 2, 2021