Cuba Ransomware encrypts user data ChaCha20 and encrypt key information with RSA. Cuba Ransomware has purportedly been active since Q4, 2019. However they gained fame after publishing leaked documents from there victim companies that failed or denied to pay ransom. An extension is added to encrypted files: .cuba The file marker FIDEL.CA is also used.
Cuba Ransomware Signatures
Cuba Ransomware Download