Ransomware Cuba

The Cuba ransomware targets the Windows operating system. It was discovered by Ravi, an American ransomware hunter. Its attacks are carried out through email campaigns.

The emails contain a link to “subscribe” to a service document. The malware is delivered via this macro-loaded Word document, which contains a Hancitor payload and is downloaded and opened.

Hancitor is a downloader that was first seen in 2014. It delivers macros, which are elaborate commands that convert peripheral inputs into commands and actions in Windows.

With these commands it invades the operating system and installs tools that open doors for extracting data. Along with these tools comes the Cuba ransomware, which, once installed, compromises the Windows system, takes full control of it, and encrypts stored data.

This Ransomware has affected organizations in the United States, Latin America and Europe.

After encryption, the ransomware leaves several references to Cuba: an extension added to all encrypted files (example: 1.pdf.cuba) and a string ‘FIDEL.CA’ embedded in the file header, which probably points to Fidel Castro, another reference to Cuba.
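The two indicators described above (the .cuba extension and the ‘FIDEL.CA’ header string) can be used to triage a file share after an incident. The script below is an added example, not code from Digital Recovery. The 1024-byte header window, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

MARKER = b"FIDEL.CA"   # string the page says is embedded in the header
EXTENSION = ".cuba"    # extension the page says is appended to encrypted files
HEADER_BYTES = 1024    # assumption: how much of the file start counts as "header"

def classify(path, header_bytes=HEADER_BYTES):
    """Return which of the two indicators a file shows, or None if neither."""
    has_ext = path.lower().endswith(EXTENSION)
    try:
        with open(path, "rb") as fh:
            has_marker = MARKER in fh.read(header_bytes)
    except OSError:
        has_marker = None  # unreadable (locked, permissions): report, do not guess
    if has_marker:
        # marker without the extension: file was renamed after encryption
        return "extension+marker" if has_ext else "marker-only"
    if has_ext:
        return "extension-only" if has_marker is False else "extension-unreadable"
    return None

def scan(root):
    """Walk root and return {path: verdict} for every flagged file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict:
                hits[full] = verdict
    return hits

def demo():
    """Write constructed sample files (not real ransomware output) and scan them."""
    samples = {
        "1.pdf.cuba": MARKER + b"\x00" * 16 + b"constructed ciphertext",
        "notes.txt": b"ordinary file",
        "report.docx": MARKER + b" constructed, extension missing",
        "old.cuba": b"unrelated file that happens to use the extension",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): v for p, v in scan(tmp).items()}

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:18} {name}")
```

Files reported as "extension+marker" match both indicators. "marker-only" and "extension-only" hits need manual review before they go into the damage inventory.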

Recovery of files encrypted by Cuba ransomware

Technologies capable of recovering encrypted files are rare; only a few companies in the world have the ability to develop them. Among this select group of companies is Digital Recovery, which has been able to develop this technology.

We are able to recover files encrypted by any ransomware extension.

Our processes are 100% reliable, as they are carried out under a confidentiality agreement (NDA).

During the entire process the client is accompanied by a specialist who will clarify any doubts about the procedures adopted.

Contact our specialists and see all that we can do for you and your company.
