The Cuba ransomware targets the Windows operating system. It was discovered by Ravi, an American ransomware hunter. Its attacks are carried out through email campaigns.
The emails contain a link to “subscribe” to a service document. The malware is delivered via this macro-loaded Word document, which contains a Hancitor payload that is downloaded and opened.
Hancitor is a downloader that was first seen in 2014. It delivers macros, which are elaborate commands that convert peripheral inputs into commands and actions in Windows.
With these commands it invades the operating system and installs tools that open doors for data extraction. Along with these tools comes Cuba ransomware, which, once installed, compromises Windows systems, takes full control of the system and encrypts stored data.
This ransomware has affected organizations in the United States, Latin America and Europe.
After encryption, the ransomware leaves several references to Cuba: the extension added to all encrypted files (example: 1.pdf.cuba) and the string ‘FIDEL.CA’ embedded in the file header, which probably points to Fidel Castro, another reference to Cuba.
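The two indicators described above can be checked together during triage. The following is an added example, not code from the original page or from any vendor tool: it walks a directory and classifies files by the “.cuba” extension and the ‘FIDEL.CA’ header string. The 1024-byte header window, the function names and the sample files are assumptions constructed for the demonstration.

```python
import os
import tempfile

MARKER = b"FIDEL.CA"   # header string named in the text
EXTENSION = ".cuba"    # extension named in the text
HEADER_BYTES = 1024    # assumption: the page gives no offset or header size

def classify(path):
    """Return which of the two indicators a file shows, or None."""
    has_ext = path.lower().endswith(EXTENSION)
    try:
        with open(path, "rb") as fh:
            has_marker = MARKER in fh.read(HEADER_BYTES)
    except OSError:
        has_marker = False  # unreadable file: judge on the name alone
    if has_ext and has_marker:
        return "extension+marker"
    if has_marker:
        return "marker-only"     # header string present under another name
    if has_ext:
        return "extension-only"  # name matches, header does not: review by hand
    return None

def scan(root):
    """Walk root and return {relative_path: classification} for every hit."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if (verdict := classify(full)):
                hits[os.path.relpath(full, root)] = verdict
    return hits

def demo():
    """Build constructed sample files (not real ransomware output) and scan them."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "1.pdf.cuba": b"FIDEL.CA" + b"\x00" * 64,  # both indicators
            "2.docx": b"\x01\x02FIDEL.CA\x03" * 2,      # marker without the extension
            "notes.cuba": b"travel notes",              # extension only
            "clean.txt": b"nothing to see",             # neither indicator
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Requiring both indicators for the strongest verdict keeps a file that merely happens to be named “.cuba” from being reported as encrypted.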
Recovery of files encrypted by Cuba ransomware
Technologies capable of recovering encrypted files are rare; only a few companies in the world have the ability to develop them. Among this select group of companies is Digital Recovery, which has been able to develop this technology.
We are able to recover files encrypted by any ransomware extension.
Our processes are 100% reliable, as they are done based on the confidentiality agreement (NDA).
During the entire process the client is accompanied by a specialist who will clarify any doubts about the procedures adopted.
Contact our specialists and see all that we can do for you and your company.