New Cactus ransomware encrypts itself to evade antivirus (May 2023)
A new ransomware operation called Cactus has been exploiting vulnerabilities in VPN appliances for initial access to networks of "Large commercial entities."
What sets Cactus apart from other operations is the use of encryption to protect the ransomware binary.
"CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools," Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, told BleepingComputer.
Ransomware expert Michael Gillespie also analyzed how Cactus encrypts data and told BleepingComputer that the malware uses multiple extensions for the files it targets, depending on the processing state.
Like most ransomware operations, Cactus also steals data from the victim.
Gillespie told us that the encryption routine in Cactus ransomware attacks is unique.