Cuba ransomware is a malware family that has been seasonally detected since it was first observed in February 2020. It resurfaced in November 2021 based on the FBI’s official notice, and has reportedly attacked 49 organizations in five critical infrastructure sectors, amassing at least US$ 43.9 million in ransom payments.
We observed Cuba ransomware’s resurgence in March and April this year. Our monitoring showed that the malware authors seem to be pushing some updates to the current binary of a new variant. The samples we examined in March and April used BUGHATCH, a custom downloader that the malicious actor did not employ in previous variants specifically for the staging phase of the infection routine.