The Cactus ransomware group has just announced an attack on four new targets on their Dark Web portal. The victims belong to multiple industries, and the attacks may not have a specific goal behind them.
It seems that the four targets happened this month in the same period since the Cactus group announced all four today (7th of September).
The four companies include an investment firm, an industry leader in the production of custom hydraulic cylinders, a company servicing automatic door systems, and a support company for the oil and gas industry.
In short, they’re large commercial companies that have a lot to lose from a ransomware attack.
We believe security online security matters and its our mission to make it a safer place.
The Cactus ransomware group has been very active since it first appeared on the Dark Web in March 2023.
Some of its previous targets include:
Every time, they identified their victims publicly and offered a description of each one on their dark web channel.
The way Cactus operates is quite sophisticated. They focus on VPN appliances to gain initial access and then install backdoors into the mainframe of each company.
The name of their group comes from the filename of the ransom note, “cAcTuS.readme.txt”.
So far, all the victims have been attacked using the same method – VPN appliances and the installation of SSH backdoors.
It’s pretty clear that the ransomware group won’t stop any time soon. Other large commercial entities using VPNs are also at risk of falling prey to the mysterious group.
At present, Cactus is one of the most notorious ransomware groups on the Dark Web, mainly due to the specificity of its attack patterns and modus operandi.