Cuba Ransomware Hackers Claim Montenegro Government Attack

Responsibility for ongoing ransomware attack in the country has been claimed by Cuba gang, as local officials blame Russia

The Balkans nation of Montenegro (formerly part of Yugoslavia) continues to deal with the impact of a ransomware attack that began last week.

Last Friday, Montenegro’s Agency for National Security (ANB) warned that hackers from Russia have launched a massive, coordinated cyberattack against the small nation’s government and its services.

According to the Associated Press, the Adriatic Sea state was once considered a strong Russian ally, but in 2017 it joined NATO despite strong opposition from Moscow. It has also joined Western sanctions against Russia for its invasion of Ukraine.

Russian internet © Pavel Ignatov Shutterstock 2012

Montenegro cyberattack

In addition to most European countries, Russia has added Montenegro to its list of “enemy states” for acting against Kremlin’s interests.

According to AP, the Montenegrin government earlier last week reported a series of cyberattacks on its servers, but said it managed to prevent any damage.

However, the attacks seem to be ongoing.

“Coordinated Russian services are behind the cyber attack,” the ANB said in a statement on Friday. “This kind of attack was carried out for the first time in Montenegro and it has been prepared for a long period of time.”

Dusan Polovic, a government official, was quoted as saying “I can say with certainty that this attack that Montenegro is experiencing these days comes directly from Russia.”

The ANB said last week that Montenegro is “under a hybrid war at the moment,” and the ANB website (and other governmental websites for the nation) still remain unavailable as of Thursday 1 September 2022.

Russian responsibility?

And now according to malware research group VX-Underground, the Cuba ransomware group claimed responsibility for the attack.

The Cuba ransomware group has reportedly claimed to have received the files belonging to the Montenegrin government’s Department for Public Relations on 19 August 2022.

The files allegedly contained information such as financial documents, correspondence with bank employees, balance sheets, tax documents, compensation, and source code.

But the question remains as to whether Moscow itself is behind this attack.

It should be noted that cybersecurity company Profero previously linked the Cuba ransomware group to Russian-speaking hackers, and researchers have observed the Russian language on its website and during its negotiations with victims.

Profero however said it believes the group is “not state-sponsored.”

In February this year, US deputy national security advisor Anne Neuberger, who is responsible for cyber and emerging technology, warned her European counterparts that Russia could use cyberattacks as part of its efforts to destabilise and further invade Ukraine.