BleepingComputer reports that the Cuba ransomware operation had a resurgence of activity beginning in March with the use of a new variant that poses more risks for organizations being targeted by the group, most of which are in the U.S.
The updated Cuba ransomware variant can terminate more processes prior to file encryption, such as MySQL, MS Exchange, and Outlook, while additional directories and file types have been added to the ransomware's exclusion list, a Trend Micro report revealed.
Researchers also found that Cuba ransomware's ransom notes now include quTox for live victim support and threaten the publication of all stolen information if victims fail to meet attackers' demands within three days.
"While the updates to Cuba ransomware did not change much in terms of overall functionality, we have reason to believe that the updates aim to optimize its execution, minimize unintended system behavior, and provide technical support to the ransomware victims if they choose to negotiate," said Trend Micro.
New malware variant part of Cuba ransomware comeback