Security News > 2023 > May > New Ransomware Strain 'CACTUS' Exploits VPN Flaws to Infiltrate Networks

New Ransomware Strain 'CACTUS' Exploits VPN Flaws to Infiltrate Networks
2023-05-09 05:48

Cybersecurity researchers have shed light on a new ransomware strain called CACTUS that has been found to leverage known flaws in VPN appliances to obtain initial access to targeted networks.

"Once inside the network, CACTUS actors attempt to enumerate local and network user accounts in addition to reachable endpoints before creating new user accounts and leveraging custom scripts to automate the deployment and detonation of the ransomware encryptor via scheduled tasks," Kroll said in a report shared with The Hacker News.

A novel aspect of CACTUS is the use of a batch script to extract the ransomware binary with 7-Zip, followed by removing the.7z archive before executing the payload. "CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools," Laurie Iacono, associate managing director for cyber risk at Kroll, told The Hacker News.

"This new ransomware variant under the name CACTUS leverages a vulnerability in a popular VPN appliance, showing threat actors continue to target remote access services and unpatched vulnerabilities for initial access."

The development comes days after Trend Micro shed light on another type of ransomware known as Rapture that bears some similarities to other families such as Paradise.

CACTUS and Rapture are the latest additions to a long list of new ransomware families that have come to light in recent weeks, including Gazprom, BlackBit, UNIZA, Akira, and a NoCry ransomware variant called Kadavro Vector.

News URL