GAGANDEEP SINGH
09-May-2023
A new ransomware activity named Cactus has been making rounds & exploiting a VPN weakness.
The Catcus ransomware exploits weaknesses in the Virtual Private Network to gain initial access to the networks of big enterprises.
The ransomware has been active since at least March & looking to fork out money from the victim.
The ransomware exploits the weakness in VPN, swirling inside from a VPN server to a VPN service account.
What separates Cactus ransomware from other ransomware is the use of encryption to safeguard the binary.
As per Researchers, there are three ways of execution, each of which is selected with a specific command line.
For encrypting the data, the ransomware utilizes multiple extensions for the file it targets.
Security researchers also found that the malware uses a modified open-source tool version.