Montenegro hit by ransomware attack, hackers demand $10 million

The government of Montenegro has provided more information about the attack on its critical infrastructure saying that ransomware is responsible for the damage and disruptions.

Public Administration Minister Maras Dukaj stated on local television yesterday that behind the attack is an organized cybercrime group. The effects of the incindet continue for the tenth day.

The minister added that a “special virus” is used in this attack and there is a ransom demand of $10 million.

Dukaj-interview

Dukaj also added that at this point, the state could not give an estimate of when the services will become available.

False allegations and Cuba

Previously, Dukaj himself, along with Montenegro’s Defense Minister, told local media that they had enough evidence to suspect the cyberattacks were directed by Russian services.

This gave the incident a geopolitical hue and mobilized the Balkan country’s NATO allies to help them with incident response, defense, and remediation.

The next day, though, Cuba ransomware gang listed the Parliament of Montenegro (Skupstina) as its victim and claimed to have stolen financial documents, correspondence with banks, balance sheets, tax documents, compensation, and even source code.

Cuba ransomware extortion site listing Skupstina
Cuba ransomware extortion site listing Skupstina in the free section

The data was published on the “free” section of the site, available to any visitor with no restrictions.

Cuba ransomware evolution

Cuba ransomware has demonstrated notable evolution lately. Three weeks ago, researchers spotted a novel toolset used by the gang along with previously unseen tactics, techniques, and procedures.

In June, Cuba ransomware updated its encryptor with additional options and set up a communication channel for “live victim support.”

Another notable change is observed in the group’s targeting scope. In 2021, Cuba focused heavily on U.S.-based organizations.

Source: www.bleepingcomputer.com