Ransomware
Cactus
First seen: 2023-03 • Status: active
Currently Active Threat
Cactus ransomware is sneaky: it encrypts its own code so antivirus cannot detect it. It breaks in through VPN vulnerabilities.
Overview
Cactus ransomware uniquely encrypts itself to evade antivirus detection. It exploits VPN vulnerabilities for initial access.
Also Known As
Cactus Ransomware
How It Spreads
- Fortinet VPN exploitation
- VPN vulnerabilities
What It Does
- Self-encryption evasion
- File encryption
- Data theft
Target Platforms
Windows
Detection Tips
- Monitor for self-decrypting payloads
- Patch VPN devices
MITRE ATT&CK Techniques
T1486, T1027, T1133
If You're Infected
1. Patch Fortinet and VPN devices
2. Monitor for self-encrypting malware