The Cuba ransomware gang has been observed targeting critical infrastructure organizations in the United States and IT firms in Latin America, using a combination of old and new tools. Its latest campaign leverages CVE-2023-27532 to steal credentials from configuration files. The flaw affects Veeam Backup & Replication (VBR) products, and an exploit for it has been available since March 2023. Previously, FIN7, a group with multiple confirmed affiliations with various ransomware operations, was actively exploiting CVE-2023-27532.
Implications of the Cuba Ransomware Attacks
– The attacks by the Cuba ransomware gang pose a significant threat to critical infrastructure organizations in the United States and IT firms in Latin America.
– The exploitation of CVE-2023-27532 by the Cuba ransomware gang highlights the importance of promptly patching vulnerabilities in software systems.
– Organizations using Veeam Backup & Replication (VBR) products should ensure they have applied the necessary security updates to protect against this specific exploit.
Protecting Against Ransomware Attacks
– To mitigate the risk of ransomware attacks, organizations should regularly update their software systems with the latest security patches.
– Implementing robust cybersecurity measures, such as multi-factor authentication and network segmentation, can help prevent the spread of ransomware within an organization.
– Regularly backing up critical data and storing it offline can also help organizations recover from a ransomware attack without paying the ransom.
References
Title: Cuba ransomware uses Veeam exploit against critical U.S. organizations by BleepingComputer