Immediately after launching a violent cyber attack, Montenegro has accused Russia. Now cybercrime gangsters are taking responsibility.
The government in Montenegro has accused a cybercrime group called Cuba of being responsible for a large-scale cyberattack on the country’s digital infrastructure. This is reported by the Reuters news agency, citing Maras Dukaj, the Minister for Public Administration. Apparently, this does not take back the original blame on Russia. According to Dukaj, a total of 150 workplaces in 10 state institutions were infected with ransomware. Cuba has therefore taken responsibility for the attack, and the captured documents are to be published on the Darknet. The small state in the Western Balkans is getting help from the US federal police FBI to fight back.
Rapid Reaction Force from the USA
The National Security Agency (ANB) of Montenegro announced on Friday that state institutions have become the target of a cyber attack. Since then, the government’s website, among other things, has been offline, and government and agency services have been paralyzed. The ANB had directly accused Russian hackers of waging a “hybrid war” against the country. This was particularly explosive, since Montenegro has been a NATO member state since 2017. Even though a ransomware gang has now taken responsibility for the attack, Montenegro apparently does not want to move away from the accusation against Russia. According to Reuters, Moscow is still seen as ultimately responsible. So far, no ransom demand has been received.
It is not yet possible to say how serious the cyber attack and the consequences are. But the US Embassy has issued an unusual warning to all US citizens in the country: The ongoing cyberattacks could cripple supplies, transport including border stations and flights, and telecommunications. An FBI rapid-response team is now to help investigate the attack, reports the AP news agency. The help is a new confirmation of the “excellent cooperation” between the two countries, the government of Montenegro is quoted as saying. Following the Russian invasion of Ukraine, Montenegro joined Western sanctions against Russia and promptly ended up on Moscow’s list of “enemy states”.
According to Trendmicro, attacks with the Cuba ransomware have been around since at least February 2020. According to the FBI, the criminals have since received at least 43.9 million US dollars for releasing access to encrypted data. According to various reports, the group does not limit itself to attacks with ransomware and extortion of ransom for the release of the data, those affected are also threatened that the data will be published on the Darknet. Even a good backup strategy does not help against this so-called double extortion, which is now more widespread.
The FBI has not yet linked the Cuba group to Russia. However, the IT security company Profero claims to have found out in an analysis that the group has Russian-speaking members. Should the group actually come from Russia, the Kremlin should have at least some influence. But there is no evidence for that.
