Ransomware Group

Cactus

Status: active • First seen 2023-03 • 100+ known victims

Cactus encrypts its own payload to evade antivirus, unpacking itself only at run time, which makes it hard to detect on disk. The group gains initial access by exploiting VPN vulnerabilities.

Overview

Cactus is notable for encrypting its own payload to evade detection, using legitimate tools to unpack it only at execution time. The group exploits VPN vulnerabilities for initial access.

Target Industries

Manufacturing, Technology, Logistics, Professional Services

How They Attack

  • Self-encrypting payload
  • VPN exploitation
  • Double extortion
  • Evasion techniques

Notable Victims

Schneider Electric (2024), Manufacturing firms


How to Protect Against Cactus

  1. Patch VPN appliances immediately
  2. Deploy behavioral detection
  3. Monitor for packed/encrypted malware

MITRE ATT&CK Techniques

T1027 (Obfuscated Files or Information), T1133 (External Remote Services), T1486 (Data Encrypted for Impact), T1567 (Exfiltration Over Web Service)
