‘Cuba’ Ransomware Gang Hits Payment Processor, Steals Data

A ransomware gang has hit a Seattle-based billing and payment processing provider. The incident highlights how criminals are both attacking businesses and stealing and selling valuable personal information, regardless of whether the ransom is paid. Gangs are increasingly targeting service businesses with access to customers’ financial information.

The ‘Cuba’ ransomware gang has taken credit for the hit against Automatic Funds Transfer Services, saying on its dedicated leaks site—reachable only via the anonymizing Tor browser—that it left AFTS crypto-locked as of Feb. 4.

The leaks site listing says “financial documents, correspondence with bank employees, account movements, balance sheets and tax documents” were among the information the gang stole. The AFTS listing on Cuba’s leaks site also states that the ransom demand was “paid.”

Exactly which types of data the attackers compromised apparently has not yet been determined.

One of the victims, the Lakewood Water District, notified its customers: “For residents or businesses who pay their utility bills by mailing a paper check, scanned copies of their paper checks are also stored on the AFTS servers, which include bank account and routing information. It is unknown at this time whether these scanned copies of checks have been illicitly extricated from the network.”

But at least some personal information—including names, addresses, email addresses, bank account details, and payment or invoice amounts—does appear to have been exposed.

There is no indication that the gang has any connection with the country of the same name.

For more information on the evolving IT security threats in the financial sector and what your bank can do to protect your customers, call ITPAC today.