On Wednesday 10th of May 2023, Kroll revealed a new ransomware strain named ‘Cactus’, which has been exploiting vulnerabilities in VPN appliances for initial access to the networks of large commercial entities since March 2023.
The publication covering the strain revealed that its unique feature is a self-encryption capability, intended to make it difficult for antivirus software to detect the threat. Another notable characteristic of the strain is the use of multiple extensions for the files it targets, depending on the processing state. For example, when preparing a file for encryption, Cactus changes its extension to .CTS0, which is then changed to .CTS1 after encryption.
At the moment there is no public information about the ransoms that Cactus demands from its victims, and it appears that the group has not set up a leak site. However, the threat actor has threatened victims with publishing the stolen files unless it is paid.
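The two extension states described above can be used to triage file-rename telemetry. The following is an added example, not code from Kroll or from the original page: the CSV event format, host names and paths are constructed, and the function names are hypothetical.

```python
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions named in the report, mapped to the processing state they mark.
STATES = {".cts0": "prepared", ".cts1": "encrypted"}

# Constructed rename events (hypothetical export: time,host,old_path,new_path).
# Assumption: the marker is appended to the original file name.
SAMPLE_LOG = """\
2023-05-10T09:00:01,FS01,C:\\share\\q1.xlsx,C:\\share\\q1.xlsx.CTS0
2023-05-10T09:00:02,FS01,C:\\share\\q1.xlsx.CTS0,C:\\share\\q1.xlsx.CTS1
2023-05-10T09:00:03,FS01,C:\\share\\plan.docx,C:\\share\\plan.docx.cts0
2023-05-10T09:00:04,WS07,C:\\tmp\\a.txt,C:\\tmp\\a.bak
"""


def state_of(path):
    """Return 'prepared', 'encrypted' or None based on the final extension."""
    return STATES.get(PureWindowsPath(path).suffix.lower())


def triage(log_text, threshold=1):
    """Group affected files per host by the last state seen for each file.

    Hosts with fewer than `threshold` affected files are left out.
    """
    latest = defaultdict(dict)  # host -> file (marker stripped) -> last state
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        _time, host, _old, new = row
        state = state_of(new)
        if state is None:
            continue
        # Strip the marker so .CTS0 and .CTS1 renames map to the same file.
        original = str(PureWindowsPath(new).with_suffix("")).lower()
        latest[host][original] = state
    report = {}
    for host, files in latest.items():
        if len(files) >= threshold:
            report[host] = {
                "prepared": sorted(f for f, s in files.items() if s == "prepared"),
                "encrypted": sorted(f for f, s in files.items() if s == "encrypted"),
            }
    return report
```

Files that appear only under "prepared" were renamed to .CTS0 but no later .CTS1 rename was logged for them, which helps scope how far processing got on each host.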