
Cuba Ransomware

Posted: January 6, 2020

The Cuba Ransomware is a file-locker Trojan and a possible variant of the '.jamper File Extension' Ransomware. The Cuba Ransomware can encrypt and block files on your PC, including any network-accessible drives, and hold them for ransom with messages in every directory. Maintaining proper backups can prevent any lasting harm from this threat, and a professional anti-malware product should handle infections adequately by blocking the installation or removing the Cuba Ransomware automatically.

A Different Cuban Crisis

While Cuba is better known for its unique political situation, its name is now also the emblem of a new file-locker Trojan. The Cuba Ransomware may include internal references to Fidel Castro but has no special dedication to targeting victims in Cuba over other nations. Symptoms of Cuba Ransomware infections also lead malware experts to suspect that the threat could be a variation on the '.jamper File Extension' Ransomware or its more recent relative, the BURAN Ransomware.

The Cuba Ransomware is a Windows threat whose history includes targeting undisclosed business entities with data-encrypting attacks. The attack routine blocks various file formats, such as documents, databases, archives, and pictures, and appends a 'cuba' extension onto their names. An important detail in the payload is that the Cuba Ransomware's design accommodates network shares, which means that unsecured network-available devices and drives will suffer the same encryption damage.

More technically, the Cuba Ransomware also replaces each encrypted file's internal header with an abbreviation of Fidel Castro's name. While it's an interesting reference, it doesn't affect the fundamental security of the encryption that stops the file from opening.

The Cuba Ransomware also creates a text ransom note in every folder that contains encrypted media. The text message – one of its most explicit similarities with the BURAN Ransomware and related families – gives a generic warning, an e-mail address for negotiating a ransom, and an unusually simple ID number. Ordinarily, malware experts would consider the latter a placeholder. However, since it's verifiable that the threat is out in the wild, the Cuba Ransomware isn't classifiable as an in-development program.
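As an added example (not code from the original article or its author), the following Python triage scan walks a directory tree for files carrying the 'cuba' extension and checks whether the leading bytes still match the magic of the original file type, since the article notes the header is overwritten. The marker bytes, file names and directory layout are constructed assumptions; the check is marker-agnostic and reports only whether the expected magic is gone.

```python
import os
import tempfile

EXT = ".cuba"
MAGIC = {".pdf": b"%PDF", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04",
         ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff"}

def original_extension(filename):
    """'q1.pdf.cuba' -> '.pdf'; None if not a .cuba file or no inner extension."""
    if not filename.lower().endswith(EXT):
        return None
    return os.path.splitext(filename[:-len(EXT)])[1].lower() or None

def header_overwritten(head, orig_ext):
    """True if the leading bytes no longer match the original type's magic; None if unknown."""
    magic = MAGIC.get(orig_ext)
    if magic is None:
        return None
    return not head.startswith(magic)

def scan_tree(root):
    """One finding per .cuba file under root: relative path, original ext, header status."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(8)
            orig = original_extension(name)
            findings.append({"path": os.path.relpath(path, root).replace(os.sep, "/"),
                             "orig_ext": orig,
                             "header_overwritten": header_overwritten(head, orig)})
    return findings

def build_sample_tree(root):
    """Constructed sample data, not real samples: an intact PDF, a renamed PDF with a
    stomped header, and a renamed file of a type the MAGIC table does not know."""
    docs = os.path.join(root, "share", "docs")
    os.makedirs(docs, exist_ok=True)
    with open(os.path.join(docs, "ok.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4 intact")
    with open(os.path.join(docs, "q1.pdf.cuba"), "wb") as fh:
        fh.write(b"PLACEHOLDER_MARKER\x00\x00")  # real marker bytes are not on the page
    with open(os.path.join(root, "share", "notes.bak.cuba"), "wb") as fh:
        fh.write(b"\x00" * 32)

def demo():
    """Build the constructed tree in a temp dir and return the findings sorted by path."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return sorted(scan_tree(tmp), key=lambda f: f["path"])
```

A finding with `header_overwritten` set to None means the original type is not in the magic table, so the file still warrants manual review.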

Spurning an Attempted Invasion of Your Files

The tongue-in-cheek theme of the Cuba Ransomware does nothing to mitigate the damage that infections can cause for both average users and networks administered by businesses, governments and non-governmental organizations. Fortunately, current victims of the Cuba Ransomware possessed backups and could retrieve their work without losing anything or paying a ransom. Although the Cuba Ransomware contains no details about its ransom prices, its possible ancestors have made demands of up to three thousand USD.

Infection methods for the Cuba Ransomware are unknown but are likely to focus on the traditional strategies for targeting business networks. Out of these, malware experts rate the following as the most commonly used:

  • E-mail attachments may carry exploits or macros that trigger the Cuba Ransomware's installation. Patching your software and disabling macros can prevent these attacks.
  • Admin accounts using inappropriately weak passwords, such as factory defaults, are at risk of brute-force attacks that let an attacker hijack the account.
  • Unsafe configurations for open ports and, particularly, RDP also invite attackers to take control of a server remotely.

If other security measures are inadequate, the usual anti-malware programs should delete the Cuba Ransomware immediately, provided their threat databases are not excessively out of date.

The Cuba Ransomware's political gags have little meaning to its victims, who experience the same encryption-based extortion as thousands of others. Whatever its name is, the only revolution that's going on in its code concerns grabbing and smashing data for cash.
