Post by account_disabled on Feb 24, 2024 0:15:09 GMT -5
The cyber attack landscape is currently dominated by a particular ransomware that encrypts its own executable in order to evade antivirus products. This strain is one of the main protagonists in attacks that demand a ransom in exchange for not disclosing stolen information. As is evident, cyber crime is constantly evolving, leveraging increasingly sophisticated attack technologies and techniques. Ransomware, in particular, is forcing companies to face ever-new and sometimes unknown threats.
Content index:
- The new Cactus ransomware: what we know
- The main characteristics of the ransomware
- How does Cactus ransomware spread?
- Why is Cactus a unique ransomware?
- The main actions that help you protect yourself from threats

The new Cactus ransomware: what we know

According to initial information, Cactus is a new ransomware strain that uses cutting-edge techniques to steal data and encrypt files, with the peculiarity of using a different method to avoid detection. The name comes from the file name of the ransom note, cAcTuS.readme.txt.

The main characteristics of the ransomware

The history of Cactus is very recent: it is a threat that has been active since March 2023.
The attack exploits vulnerabilities in Fortinet VPN appliances with the aim of penetrating the networks of large commercial entities. In all cases observed by Kroll, the attacker gained access to the VPN service and used an SSH backdoor, reachable from a command and control (C2) server, to maintain control of the devices. Once inside the network, the cyber criminal carries out reconnaissance with SoftPerfect Network Scanner (netscan) to identify the most attractive targets. A further particular feature of Cactus is the use of encryption to protect the ransomware's own code. Two components are used for this: a 7Zip archive and a batch script, the latter using msiexec to deactivate antivirus protection so that the malware can act freely and steal data. For the exfiltration itself, Cactus uses Rclone, a tool that transfers files to cloud storage.
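The intrusion chain described above (msiexec used to remove antivirus protection, netscan for reconnaissance, Rclone for exfiltration) is a useful basis for detection logic on endpoint process-creation telemetry. The following is an added example written for this post, not code from Kroll or any vendor; the event fields, rule names and sample events are constructed assumptions, and the product GUID in the msiexec command line is a placeholder.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample process-creation events (hypothetical fields modelled on
# typical EDR/Sysmon telemetry; none of these come from a real incident).
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "svc_backup", "parent": "cmd.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": "msiexec.exe /x {PLACEHOLDER-PRODUCT-GUID} /qn"},
    {"host": "ws01", "user": "svc_backup", "parent": "cmd.exe",
     "image": r"C:\Temp\netscan.exe", "cmdline": "netscan.exe"},
    {"host": "ws01", "user": "svc_backup", "parent": "cmd.exe",
     "image": r"C:\Temp\rclone.exe",
     "cmdline": r"rclone.exe copy D:\Shares remote:bucket"},
    # Benign: an interactive user installing (not uninstalling) a package.
    {"host": "ws02", "user": "alice", "parent": "explorer.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": "msiexec.exe /i setup.msi"},
]

# msiexec invoked with an uninstall switch (/x or /uninstall).
UNINSTALL_SWITCH = re.compile(r"\s/(x|uninstall)\b", re.IGNORECASE)


def match_rules(event):
    """Return the names of the behavioural rules an event matches."""
    image = ntpath.basename(event["image"]).lower()
    cmdline = event["cmdline"]
    hits = []
    if image == "msiexec.exe" and UNINSTALL_SWITCH.search(cmdline):
        hits.append("msiexec_uninstall")          # AV removal technique
    if image == "netscan.exe":
        hits.append("netscan_execution")          # internal reconnaissance
    if image == "rclone.exe":
        hits.append("rclone_execution")           # cloud exfiltration tool
    return hits


def scan(events):
    """Yield (host, rule) pairs for every rule hit across the events."""
    return [(e["host"], rule) for e in events for rule in match_rules(e)]


def correlate(events, threshold=2):
    """Escalate hosts where at least `threshold` distinct rules fired.

    A single msiexec uninstall is noisy on its own; the same host also
    running a network scanner and an exfiltration tool is the pattern
    worth paging on.
    """
    per_host = defaultdict(set)
    for host, rule in scan(events):
        per_host[host].add(rule)
    return {h: sorted(r) for h, r in per_host.items() if len(r) >= threshold}


if __name__ == "__main__":
    for host, rules in correlate(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(rules)}")
```

The per-host correlation is the important design choice: each individual rule would fire on legitimate administration (software removal, network inventory, backups to cloud storage), so alerting only when several stages of the described chain appear on one host keeps the false-positive rate manageable.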