The Cuba ransomware gang has been observed targeting critical infrastructure organizations in the United States and IT firms in Latin America, using a combination of old and new tools. Its latest campaign leverages CVE-2023-27532 to steal credentials from configuration files. The flaw affects Veeam Backup & Replication (VBR) products, and an exploit for it has been available since March 2023. FIN7, a group with multiple confirmed affiliations with various ransomware operations, was previously observed actively exploiting CVE-2023-27532.

Implications of the Cuba Ransomware Attacks

– The attacks by the Cuba ransomware gang pose a significant threat to critical infrastructure organizations in the United States and IT firms in Latin America.

– The exploitation of CVE-2023-27532 by the Cuba ransomware gang highlights the importance of promptly patching vulnerabilities in software systems.

– Organizations using Veeam Backup & Replication (VBR) products should ensure they have applied the necessary security updates to protect against this specific exploit.

Protecting Against Ransomware Attacks

– To mitigate the risk of ransomware attacks, organizations should regularly update their software systems with the latest security patches.

– Implementing robust cybersecurity measures, such as multi-factor authentication and network segmentation, can help prevent the spread of ransomware within an organization.

– Regularly backing up critical data and storing it offline can also help organizations recover from a ransomware attack without paying the ransom.

References

"Cuba ransomware uses Veeam exploit against critical U.S. organizations", BleepingComputer