Cybercrime
New Ransomware Strain ‘CACTUS’ Exploits VPN Flaws to Infiltrate Networks
Barnaby Holdsworth-Kirby
September 20, 2024
Summary
This blog post covers the recent 'CACTUS' Ransomware strain and what organisations can do to protect themselves from this attack. Have a listen to our ThreatBite to hear expert advice from our consultants.

Who is 'CACTUS'?

CACTUS is a new strain of Ransomware recently identified by cybersecurity researchers. It exploits flaws in virtual private network (VPN) systems to infiltrate corporate networks and encrypt data before demanding a ransom for its release.

The name ‘CACTUS’ stands for ‘Crypto-lock Attack Causing Total Usability Shutdown’. It was first discovered in January 2021 and is believed to have originated in the Middle East.

How Does 'CACTUS' Work?

CACTUS operates by exploiting known vulnerabilities in VPN systems. It uses various techniques, including brute-force attacks, web application exploits, and SQL injection attacks, to gain access to a network. Once it has infiltrated the network, CACTUS encrypts data and demands a ransom payment to restore access.

In addition to encrypting data, CACTUS can gather sensitive information from infected networks and exfiltrate it. It is capable of stealing usernames and passwords, personal files, financial  records, and more.

What Are The Risks?

The consequences of a successful CACTUS attack can be severe. It can cause major disruption to business operations, as well as significant financial losses. Furthermore, stolen data can be used for a variety of malicious purposes, such as identity theft or extortion.

How Can You Protect Yourself?

Organisations should take steps to protect their networks against CACTUS and other ransomware attacks. This includes regularly patching vulnerabilities in VPN systems, implementing strong security measures such as two-factor authentication, and backing up data regularly.

Additionally, organisations should be aware of the signs of an attack, including unexpected system slowdowns and suspicious messages or emails. If a CACTUS attack is suspected, it is important to contact a cybersecurity expert immediately in order to mitigate the damage and restore access to data. By taking the necessary precautions, organisations can help ensure that their networks are secure from CACTUS and other ransomware attacks.

Barnaby Holdsworth-Kirby

Barnaby Holdsworth-Kirby is an award-nominated open-source investigator at DarkInvader and a proud member of the UK OSINT community. With deep expertise and a passion for uncovering hidden insights, Barnaby is dedicated to advancing the field of open-source intelligence, helping organisations navigate complex security challenges with precision and insight.

Sign Up for Your Free Account

Unlock continuous, real-time security monitoring with DarkInsight. Sign up for your free account today and start protecting your external attack surface from potential threats.

Create My Free Account