back to article Cuba ransomware gang scores almost $44m in ransom payments across 49 orgs, say Feds

The US Federal Bureau of Investigation (FBI) says 49 organisations, including some in government, were hit by Cuba ransomware as of early November this year. The attacks were spread across five "critical infrastructure", which, besides government, included the financial, healthcare, manufacturing, and – as you'd expect – IT …

  1. Anonymous Coward
    Anonymous Coward

    At some point these ransomware attack need to be met with real world force. Send a drone or two and see how many people want to roll the dice. Because people can die from ransomware attacks. And adversarial nations need to start policing within, or the US should start greenlighting attacks by hacker group against those nations and even support them

    1. Roland6 Silver badge

      >Send a drone or two

      Where to?

      Just because this has been labelled "Cuba ransonware", doesn't mean any of the disperate threat actors using it to collect payments are resident in Cuba...

      1. Yet Another Anonymous coward Silver badge

        Re: Where to?

        Redmond of course !

      2. martinusher Silver badge

        We in the US have a list of countries we don't like which we pick from when we need some kind of bad actor or threat to cite. This one's a bit novel because we've done our very best to keep Cuba isolated from the Internet for years (there's absolutely no question of it being directly connected to the US despite Havana only being 90 miles from the US -- they had to wait for a much longer undersea cable to be laid).

        1. doublelayer Silver badge

          I think Cuba is the name assigned to the ransomware group, likely from names they use themselves, rather than an attempt to attribute the behavior to the country of the same name. I was looking for information to prove this, but they seem to be quite new as an attacker and most searches are just giving me a bunch of articles about this same announcement. None of the ones I've read have said that the country of Cuba has a connection to these, and if it did, they would be likely to call it "Cuban ransomware" to indicate its origin. I'm pretty sure therefore that it's just a name.

          Update: PC Mag says it's probably based in Russia.

          1. Roland6 Silver badge

            >Update: PC Mag says it's probably based in Russia.

            Which from the evidence of the various Climate hacks in 2009 and the Stuxnet trail, is just a cover address for some operation based in the US...

            Which given the seeming maturity etc of the ransomware infrastructure, does suggest it might share a parentage with Stuxnet...

      3. Snake Silver badge

        Re: where to?

        I'll agree with this. Decades of American embargoes have let to the general inability of Cubans to get modem products. From televisions to cars, they operate years to decades in the past.

        Yet somehow we are supposed to believe that enough of this population have access to computers, in order to learn their intrinsic operations, then enough of a percentage of these individuals go rouge and form a criminal malware enterprise, with control servers and all??

        Really? I've got several bridges to sell you over several famous rivers, too.

        If this indeed an attack based in Cuba, I more readily believe a state-backed program. Otherwise, I suspect that the Cuba link is just that, a link in the network server chain that leads back to a society with greater every day, every man access to the levels of technology and know-how to pull this off convincingly.

        1. doublelayer Silver badge

          Re: where to?

          Really, I get that the name collides, but the article never says it's based in Cuba or has any connection. Nor does any other article. Nobody is telling you that Cubans did this. The Cuba name was based on technical not geographical conditions. Therefore, you're jumping to conclusions about the reliability of information based on something it never said.

    2. doublelayer Silver badge

      For a direct military response, where would you have them strike? A lot of ransomware is individual criminals working remotely. Would you have their houses destroyed from above? Their neighbors would not approve. Even when a country ignores their actions, they aren't hosting them in a location that can be targeted. If they did and someone attacked it, that would be an act of war. Since they don't, it would be an act of war and a war crime at the same time. Perhaps a bit extreme.

      For a hacking response, I don't think there's anything preventing someone trying to hack the systems used by criminals. The authorities are unlikely to arrest someone for doing it, in large part because the criminals are unlikely to report the crime to them. Providing support for such privateering, on the other hand, would lead to similar complaints that the supporting government is also helping criminals.

      I think some harsher responses are justified, but these ones are risky or unethical.

  2. Kev99 Silver badge

    Some day the idiots who believe the internet is, secure, and free will realise what a huge mistake it is to place their confidential, proprietary, financial, business critical, or otherwise more important than life itself data on what is a bunch of holes held together with string. For decades dedicated lines worked just fine. The only other way to prevent such nefarious attacks is to remove, preferably with extreme prejudice, the most vulnerable element from the equation - humans.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022