Ransomware attack against Constellation Software claimed by ALPHV ransomware gang
May 5, 2023
FBI releases joint advisory warning of Bl00dy ransomware targets education organisation in PaperCut attacks
May 12, 2023

Kroll reveals new Cactus ransomware that encrypts itself to evade antivirus

On Wednesday 10th of May 2023, Kroll revealed a new ransomware strain named ‘Cactus’ which has been exploiting vulnerabilities in VPN appliances for initial access to networks of large commercial entities since March 2023.

The publication covering the strain revealed that the unique feature of the strain is its self-encryption capability. to make it difficult for antivirus software to detect the threat. Another notable characteristic of the strain is the use of multiple extensions for the files it targets, depending on the processing state. E.g., When preparing a file for encryption, Cactus changes its extension to .CTS0 which is then changed to .CTS1 after encryption.

At the moment there is no public information about the ransoms that Cactus demands from its victims, and it appears that they have not set up a leak site. However, the threat actor has threatened victims with publishing the stolen files unless they get paid.

Leave a Reply

Your email address will not be published. Required fields are marked *