Colddraw

Malware Profile Updated 13 days ago
Colddraw, also known as Cuba and Fidel ransomware, first emerged on the threat landscape in 2019. Over the years it has been used against a moderate number of victims, and it marks encrypted files so that the ransomware and its decryptor can recognise them. The malware reaches systems through suspicious downloads, emails, or websites, often without the victim's knowledge. Once inside, it can disrupt operations, steal personal information, and hold data hostage for ransom. Despite the relatively short victim list, the targets appear to have been carefully selected. The group behind this ransomware has used several names since its inception, and different researchers refer to the strain as Cuba, Colddraw (also written ColdDraw) or Fidel. These name changes make tracking and studying the group harder and add a further layer of complexity to the threat it poses. Kaspersky recently detailed the group's tactics, techniques, and procedures and, in that disclosure, identified a further alias, "V Is Vendetta", suspected to have been used by a subgroup or affiliate of the original Colddraw group. This ongoing research highlights the evolving nature of the threat posed by the Colddraw ransomware and the need for continued vigilance.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID: Fidel (Votes: 2)
Profile Description: Fidel is a form of malware, also known as Fidel ransomware or Colddraw, which is designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operation
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Colddraw malware was read from the documents corpus below. This display is limited to 20 results.
Source, Created At: Title
CERT-EU, 8 months ago: Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU, 9 months ago: Cuba ransomware group observed exploiting high-severity Veeam bug
CERT-EU, 9 months ago: Cuba ransomware gang looking for unpatched Veeam installations: Report | IT World Canada News
CERT-EU, 9 months ago: Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America
Securelist, 6 months ago: Kaspersky malware report for Q3 2023
CERT-EU, 9 months ago: Cuba Ransomware Armed with New Weapons to Attack U.S Infrastructure