Since spring 2022, Cuba ransomware actors have deployed new TTPs to compromise networks. According to Palo Alto Networks Unit 42, these actors move laterally through compromised environments while using tools to evade detection.
“In addition to deploying ransomware, the actors have used ‘double extortion’ techniques, in which they exfiltrate victim data, and (1) demand a ransom payment to decrypt it and, (2) threaten to publicly release it if a ransom payment is not made,” states the CSA.
A foreign healthcare organization was compromised by Cuba ransomware actors deploying Industrial Spy ransomware.
How Health Systems Can Protect Themselves from Cuba Ransomware
Healthcare organizations can take several steps to mitigate the effects of a Cuba ransomware attack. Among them are implementing a data recovery plan, requiring all accounts with password logins to comply with National Institute of Standards and Technology standards for developing and managing password policies, and requiring multifactor authentication.
Other mitigation tactics include:
- Keeping operating systems, software and firmware up to date
- Segmenting networks
- Implementing a network monitoring tool to identify, detect and investigate abnormal activity
- Installing and regularly updating real-time detection for anti-virus software
- Auditing user accounts with administrative privileges and implementing least-privilege access
- Disabling unused ports
- Maintaining offline data backups
- Ensuring all backup data is encrypted and immutable