cuba attacks prophoenix

Incident Date:

April 22, 2022

Overview

Victim

prophoenix

Attacker

Cuba

Location

Moorestown, USA

New Jersey, USA

First Reported

April 22, 2022

ProPhoenix Public Safety Software Targeted by Ransomware Group Cuba

ProPhoenix Public Safety Software, a provider of integrated public safety software solutions, has been targeted by the ransomware group Cuba. The attack was announced on the group's dark web leak site, and the victim's website is ProPhoenix. ProPhoenix operates in the Software sector and offers a range of services, including Computer-Aided Dispatch (CAD), Mobile, Law RMS, Fire RMS, Corrections Management, EMS, Internal Affairs, and Citizen Services.

Company Overview

ProPhoenix Public Safety Software is an on-premise and cloud-based system that allows agencies to quickly deploy integrated solutions using web services and Microsoft's premier server infrastructure. The software is designed to enable rapid deployment and simplified management. It supports all standard reporting protocols, including NIBRS, NFIRS, NEMSIS 3.5.0, and more.

Vulnerabilities and Targeting

The specific vulnerabilities that led to the successful attack by Cuba are not detailed in the available sources. However, the ransomware group is reported to use a .NET payload and can self-propagate by using PsExec to remotely execute itself on other hosts on the local network.

Industry Standing and Impact

ProPhoenix Public Safety Software is known for its integrated system that eliminates the need for duplicate entries and offers high-end solutions at an affordable price. The company's support and customer relationships are highlighted as key aspects of its success. The attack by Cuba could potentially disrupt the services provided by ProPhoenix, affecting the operations of the agencies that rely on their software.

The ransomware attack on ProPhoenix Public Safety Software by Cuba highlights the ongoing threat of cyber attacks in the software sector. The specific vulnerabilities exploited by the attackers are not detailed in the available sources, but the use of a .NET payload and self-propagation capabilities suggests a sophisticated and potentially targeted attack. ProPhoenix's reputation for integrated solutions and customer support may have made it a valuable target for ransomware groups.
