cuba attacks Sonomatic Inc

Incident Date:

January 10, 2022

World map



cuba attacks Sonomatic Inc


Sonomatic Inc




Katy, USA

Texas, USA

First Reported

January 10, 2022

Sonomatic Inc. Suffers Ransomware Attack by Cuban Group

Sonomatic Inc., a leading provider of NDT inspection and integrity inspection services, has been targeted by the ransomware group Cuban in a recent attack. The company, which specializes in the design, development, and application of NDT inspections, has been hit by the Cuban ransomware group, which has claimed responsibility for the attack on their website.

Sonomatic Inc. is a global market leader in ROV-deployed subsea inspection and Non-Intrusive Inspection (NII) technologies, offering seamless NDT services and managing term contracts, off-shore and on-shore projects. The company's website does not provide information on the size of the company or its vulnerabilities that may have led to the attack.

The Cuban Ransomware Group

The Cuban ransomware group, also known as ALPHV, is a Ransomware as a Service (RaaS) operation that uses the Rust programming language and supports execution on Windows, Linux-based operating systems, and VMWare ESXi. The group has been observed deploying ransomware since November 18, 2021, and can encrypt files using either the AES or ChaCha20 algorithms.

The attack on Sonomatic Inc. is part of a larger trend of ransomware attacks on organizations worldwide, causing personal data breaches and disrupting operations. The "No More Ransom" website, an initiative by the National High Tech Crime Unit of the Netherlands' police, Europol's European Cybercrime Centre, Kaspersky, and McAfee, aims to help victims of ransomware retrieve their encrypted data without having to pay the ransom.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.