Colddraw

Malware updated a month ago (2024-11-29T13:39:57.364Z)
Colddraw, also known as Cuba and Fidel ransomware, first emerged on the threat landscape in 2019. Over the years its operators have targeted a moderate but carefully selected pool of victims, and the malware appends a marker to each file it encrypts so that the ransomware and its decryptor can recognise files they have already processed. Initial access typically comes through suspicious downloads, emails, or websites, often without the victim's knowledge. Once inside, it can disrupt operations, steal personal information, or hold data hostage for ransom. The group behind this ransomware has changed names multiple times since its inception, and different researchers refer to the strain as Colddraw, ColdDraw, or Fidel; these naming differences make tracking and studying the group harder and add a further layer of complexity to the threat it poses. Kaspersky recently detailed the group's tactics, techniques, and procedures and identified an additional alias, "V Is Vendetta," suspected to have been used by a subgroup or affiliate of the original Colddraw group. This ongoing research highlights the evolving nature of the Colddraw threat and the need for continued vigilance.
Description last updated: 2023-12-05T00:29:18.153Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possible overlapping names or profiles worth reviewing alongside this one.
Alias: Fidel (2 votes)
Fidel is a possible alias for Colddraw. Fidel is a form of malware, also known as Fidel ransomware or Colddraw, which is designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operation