Montenegro hit by ransomware attack, hackers demand $10 million

Montenegro hit by ransomware attack, hackers demand $10 million

The government of Montenegro has provided more information about the attack on its critical infrastructure saying that ransomware is responsible for the damage and disruptions.

Public Administration Minister Maras Dukaj stated on local television yesterday that behind the attack is an organized cybercrime group. The effects of the incindet continue for the tenth day.

The minister added that a “special virus” is used in this attack and there is a ransom demand of $10 million.


Dukaj also added that at this point, the state could not give an estimate of when the services will become available.

False allegations and Cuba

Previously, Dukaj himself, along with Montenegro’s Defense Minister, told local media that they had enough evidence to suspect the cyberattacks were directed by Russian services.

This gave the incident a geopolitical hue and mobilized the Balkan country’s NATO allies to help them with incident response, defense, and remediation.

The next day, though, Cuba ransomware gang listed the Parliament of Montenegro (Skupstina) as its victim and claimed to have stolen financial documents, correspondence with banks, balance sheets, tax documents, compensation, and even source code.

Cuba ransomware extortion site listing SkupstinaCuba ransomware extortion site listing Skupstina in the free section

The data was published on the “free” section of the site, available to any visitor with no restrictions.

Cuba ransomware evolution

Cuba ransomware has demonstrated notable evolution lately. Three weeks ago, researchers spotted a novel toolset used by the gang along with previously unseen tactics, techniques, and procedures.

In June, Cuba ransomware updated its encryptor with additional options and set up a communication channel for “live victim support.”

Another notable change is observed in the group’s targeting scope. In 2021, Cuba focused heavily on U.S.-based organizations.


  • thatirish Photo thatirish – 4 days ago

    Until governments are held responsible for what their citizens do in regards to cybercrime, whether actually affiliated with their government or not, there is no end in sight.

  • GT500 Photo GT500 – 2 days ago

    Cuba has been under embargo since at least 1962. Why would they care if the rest of the world demanded they punish threat actors in their country?

  • Windows Repair (All In One) Logo

    Windows Repair (All In One)

    Version: 4.13.1 2M+ Downloads

  • Malwarebytes Anti-Malware Logo

    Malwarebytes Anti-Malware

    Version: 4.5.12 4M+ Downloads

  • Everything Desktop Search Logo

    Everything Desktop Search

    Version: 21,223 Downloads

  • Zemana AntiLogger Free Logo

    Zemana AntiLogger Free

    Version: 51,171 Downloads

  • Zemana AntiMalware Logo

    Zemana AntiMalware

    Version: NA 302,613 Downloads


Related posts

New ESXiArgs ransomware version prevents VMware ESXi recovery

Sarah Henriquez

Pen Testers using Vulnerability Scanners – Closing the Gap

Sarah Henriquez

200,000 North Face accounts hacked in credential stuffing attack

Sarah Henriquez

Leave a Comment