• Home
  • News
  • Cactus Ransomware Infiltrates 3 Across 3 Countries

Cactus Ransomware Infiltrates 3 Across 3 Countries

Miklos Zoltan

By Miklos Zoltan . 11 March 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

Novel Cactus ransomware targets 3 private companies based in the UK, Spain, and the Netherlands. The hacker group posted evidence about the attacks on their public TOR platform.

  • The Cactus extortion ring first emerged in March of 2023 but hit the public conscience quite decisively by the end of the year
  • The cybercriminal organization specializes in exploiting VPN vulnerabilities and encrypts itself to avoid detection
  • Despite being a newcomer in the ransomware sphere, Cactus already shows signs of advanced tactics and tools
  • By November 2023, Cactus already had 58 high-value victims in its name

Ransomware attacks have reached a peak recently, with both minor and major organizations being hit, sometimes multiple times per year. A recent study showed that 75% of all organizations in the world have been hit at least once during 2023.

A little over 25% of them have been hit 3 or 4 times during the same time span. It’s unusual for a novel ransomware group to rise to power in such a short notice. Even more unusual for such an extortion ring to target high-value entities almost exclusively.

X showing the Cactus attack on the 3 victims

The hackers left ransomware notes to all victims, as they usually do. These contain details regarding the victims’ credentials that they’re supposed to use to contact the hackers. It’s unclear whether any of the victims have contacted Cactus representatives.

Given that the cybercriminal gang is relatively new, there is also little information on their precise MO, structure, negotiation tactics, and tools they’re using. This is likely to change soon, given that the group has already attracted considerable attention towards itself.

What To Know About Cactus Ransomware?

It’s unusual for new-coming ransomware groups to rise to fame in such a short time span. Especially due to the rich competition in the ransomware sphere. This means that this gang’s achievement is impressive, to say the least.

Recent reports show that Cactus already occupies the 7th spot on the list of the most prolific extortion rings in terms of VPM (Average Victims Per Month.) So, what are some of the core characteristics of the Cactus ransomware actor? Here are a few to consider:

  • The predilection for targeting high-value organizations almost exclusively
  • The self-encryption tactic to camouflage its presence in the victim’s system
  • The tendency to use multiple infiltration tactics, including exploiting VPN and Qlik Sense vulnerabilities
  • The use of the double-extortion practice, which often increases the value of the ransom
  • Working as a RaaS (ransomware-as-a-service) and collaborating with affiliates

Other than that, Cactus is still a largely impregnable organization, but one that remains highly active and successful. This is especially concerning given that the group prioritizes high-value targets.

This suggests that Cactus has the means and the confidence to breach the victims while giving no thought to the possibility of attracting the FBI’s attention. So, how can you protect against cybercriminal actors like Cactus?

The answer is simple: ask for assistance. Cybersecurity professionals will help you build a robust and reliable defensive profile against ransomware and DDoS attacks. Don’t follow any DIY guides, as you have no way of knowing who’s writing them.

Or how reliable they are.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment