The Cuba ransomware operation has returned to regular operations, with a new version of its malware seen in recent attacks. Trend Micro analysts report a resurgence in Cuba infections, starting in March and continuing strong until April 2022. The malware now terminates more processes before encryption, including Outlook, MS Exchange, and MySQL. The gang has also updated its ransom notes, adding quTox for live victim support and stating that the threat actors will publish all stolen data on the Tor site if the demands aren’t met within three days.
Cuba ransomware returns to extorting victims with updated encryptor
