CACTUS Ransomware Targets the US-Based Arby’s

By Miklos Zoltan (Founder, Privacy Affairs), 18 April 2024

Fact-checked by Alex Popa

CACTUS actors have announced a ransomware operation against DRM Arby’s, which qualifies as a high-end breach. Arby’s has a total revenue of around $266 million, and the hackers announced a haul of 175 GB of data.

  • CACTUS operators mentioned that they’ve already leaked up to 1% of the data they’ve stolen
  • There is no information regarding the type of data being stolen or how large the ransom demand is
  • CACTUS is a novel ransomware gang coming with impressive stealth tactics and innovative attack tools
  • The gang’s favorite attack method is exploiting vulnerabilities in known VPN services

The group’s primary method of attack isn’t necessarily unique or groundbreaking, but it is highly effective. By infecting public VPN services, the hackers gain access to an immense database of potential victims.

At that point, all they have to do is to pick their target of choice and plan the breach. This simple, yet effective approach explains not only how CACTUS operators manage to breach high-value targets, but also how they remain stealthy while doing it.

X post showing the CACTUS attack on DRM, Inc.: https://twitter.com/FalconFeedsio/status/1780606392954499380

In terms of extortion practices, CACTUS sticks to the tried-and-tested double-extortion technique. The hackers encrypt the system and steal all the valuable data they can get. Holding both the encrypted systems and the stolen data significantly increases the value of the ransom.

There’s no clear data on this, but it appears that CACTUS hackers do keep their word when it comes to providing the decryption key. This is standard practice in the ransomware sphere. If they didn’t do that, nobody would ever pay the ransom.

The same cannot be said about the operators deleting the stolen data. Because the victim cannot verify whether the hackers have kept their word, one must conclude that they haven’t. That’s because this is the norm in the ransomware business.

Most ransomware gangs keep the data to themselves, especially if it comes from a high-value target. They can then use it for their own benefit later down the line or sell it to other gangs. Either way, it doesn’t look good for the victim.

How Should You Protect Yourself Against CACTUS?

The best tactic revolves around learning how CACTUS operates. Your safety level is directly influenced by how much effort you put into that. Naturally, that’s not a fail-proof method either. You need to have a plan B in place in case your defenses fail.

And, as cybersecurity experts show, plan B is as simple and intuitive as they come: don’t negotiate with the hackers. The first problem is that negotiating with the hackers, whether or not you decide to pay the ransom, already marks you as vulnerable.

The hackers will place your name in their database and either attack you again in the future, sell your info to other gangs, or both. Neither of these possibilities is favorable to you or your company.

The second problem is that paying the ransom or negotiating with the hackers doesn’t guarantee that they will delete the data. And, as history has taught us, they usually don’t.
