Tech & Innovation in Healthcare

Industry Notes:

Beware of Updated Cuba Ransomware Techniques

On Dec. 1, 2022, the Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory (CSA) updating a December 2021 FBI Flash on Cuba ransomware. The update describes how the threat actors have changed the way they gain access to victim networks and deploy the ransomware.

Important: The threat is known in the industry as Cuba ransomware, but at the time of publication there was no known connection between the ransomware actors and the Republic of Cuba.

Background: In 2021, the FBI found threat actors using Cuba ransomware to target U.S. entities in five critical infrastructure sectors, including healthcare and public health.

Cuba ransomware actors gained initial access to victim systems through:

  • Phishing;
  • Compromised credentials;
  • Remote desktop protocol (RDP) tools; and
  • Known vulnerabilities in commercial software.

Since the December 2021 Flash, the number of U.S. entities compromised by Cuba ransomware has doubled. As of August 2022, the threat actors had:

  • Compromised 101 entities, including 65 within the U.S.;
  • Demanded $145 million in ransom; and
  • Received $60 million in ransom payments.

According to the CSA, “third-party and open-source reports have identified a possible link between Cuba ransomware actors, RomCom Remote Access Trojan (RAT) actors, and Industrial Spy ransomware actors.”

Since spring 2022, the actors have modified their tactics, techniques, and procedures (TTPs) and tooling to move through compromised networks and extort payment from victims. Beyond encrypting systems, they use “double extortion”: they first steal the victim’s data, then demand a ransom to decrypt the affected systems, and threaten to publish the stolen data if the ransom is not paid.

The FBI and CISA provided mitigation recommendations in the CSA to “limit potential adversarial use of common system and network discovery techniques to reduce the risk of compromise by Cuba ransomware.”

Some of the mitigation recommendations include, but are not limited to:

  • Implement a recovery plan that keeps copies of sensitive data and servers in a physically separate, segmented, secure location.
  • Require all accounts with password logins to follow National Institute of Standards and Technology (NIST) password guidance.
  • Require multifactor authentication (MFA), especially for webmail, VPN access, and accounts that reach critical systems.
  • Keep all operating systems, software, and firmware up to date.
  • Segment networks to limit how far ransomware can spread.
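The NIST password recommendation above is the one mitigation on the list that can be checked mechanically. The following Python script is an added example, not code from the advisory or from FBI/CISA: it implements the memorized-secret checks from NIST SP 800-63B section 5.1.1.2 (minimum length, no composition rules, rejection of common, breached, repetitive, sequential, and context-specific values, Unicode normalization before comparison) and the consecutive-failed-attempt throttle from section 5.2.2. The common-password list, the 128-character upper cap, and the sample passwords are constructed for illustration; a real deployment would swap in a breached-password feed.

```python
"""NIST SP 800-63B-style memorized-secret (password) verifier.

Added example, not code from the FBI/CISA advisory. The denylist,
the upper length cap and the sample inputs are constructed.
"""
from __future__ import annotations

import re
import unicodedata
from collections import defaultdict

MIN_LEN = 8           # SP 800-63B 5.1.1.2: at least 8 characters
MAX_LEN = 128         # this verifier's own cap; NIST requires accepting at least 64
MAX_FAILED_ATTEMPTS = 100  # SP 800-63B 5.2.2: no more than 100 consecutive failures

# Constructed stand-in for a real common/breached password list.
COMMON_PASSWORDS = {
    "password", "password1", "12345678", "qwertyuiop", "letmein1",
    "welcome1", "iloveyou", "sunshine",
}


def normalize(secret: str) -> str:
    """NFKC-normalize before comparison (SP 800-63B). Whitespace is kept:
    all printing characters, including space, are allowed."""
    return unicodedata.normalize("NFKC", secret)


def has_repetition(s: str, run: int = 4) -> bool:
    """Flag runs of one repeated character such as 'aaaa'."""
    return re.search(r"(.)\1{%d,}" % (run - 1), s) is not None


def has_sequence(s: str, run: int = 4) -> bool:
    """Flag ascending or descending code-point runs such as 'abcd' or '4321'."""
    cps = [ord(c) for c in s.lower()]
    for i in range(len(cps) - run + 1):
        window = cps[i:i + run]
        diffs = {b - a for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def check_password(secret: str, username: str = "", service: str = "") -> list[str]:
    """Return the list of policy violations; an empty list means acceptable.
    Deliberately imposes no composition rules (upper/lower/digit/symbol),
    which SP 800-63B advises against."""
    s = normalize(secret)
    low = s.lower()
    problems: list[str] = []
    if len(s) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(s) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    if low in COMMON_PASSWORDS:
        problems.append("appears on the common/breached password list")
    if has_repetition(low):
        problems.append("contains repetitive characters")
    if has_sequence(low):
        problems.append("contains sequential characters")
    # Context-specific words: the account name or the service name.
    for ctx in (username, service):
        if ctx and len(ctx) >= 3 and ctx.lower() in low:
            problems.append(f"contains context-specific word '{ctx}'")
    return problems


class LoginThrottle:
    """Counts consecutive failed attempts per account and blocks further
    attempts once the limit is reached (SP 800-63B 5.2.2)."""

    def __init__(self, limit: int = MAX_FAILED_ATTEMPTS) -> None:
        self.limit = limit
        self.failures: dict[str, int] = defaultdict(int)

    def allowed(self, account: str) -> bool:
        return self.failures[account] < self.limit

    def record(self, account: str, success: bool) -> None:
        if success:
            self.failures[account] = 0   # a successful login resets the counter
        else:
            self.failures[account] += 1


if __name__ == "__main__":
    # Constructed samples: a common value, sequential/repetitive values,
    # a value containing the username, and a long passphrase that passes.
    samples = [
        ("password1", "alice"),
        ("abcd1234xyz", "alice"),
        ("aaaa5678", "alice"),
        ("jsmith!2023house", "jsmith"),
        ("correct horse battery staple", "alice"),
    ]
    for pw, user in samples:
        verdict = check_password(pw, username=user, service="patientportal")
        print(f"{pw!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

Note that the checker rejects only what NIST says to reject; the usual "one uppercase, one digit, one symbol" rules are intentionally absent, and the throttle, not the password format, is what limits online guessing.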