Cactus, a newly discovered ransomware operation, has apparently been exploiting vulnerabilities in VPN appliances to gain initial access to the networks of “large commercial entities.”
Although the new threat actor uses the file encryption and data theft techniques usual in ransomware attacks, it encrypts its own binary to evade detection by antivirus software, making it exceptionally challenging to eliminate.
Encrypted Configuration Twist
According to the cybersecurity experts at Kroll, the Cactus ransomware infiltrates its victims’ networks by exploiting security flaws in VPN appliances. The researchers discovered that the hackers used compromised service accounts to access these networks through VPN servers.
The self-encryption attribute of Cactus ransomware is what makes it significant. To accomplish this, Cactus operators use a batch script and the popular compression tool 7-Zip to extract the encryptor binary before it runs.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents