Ransomware Cactus Tricks Antivirus Apps With Encryption
Hacker groups are constantly resorting to new and more complex tricks to cover their tracks and bring malware onto other systems unnoticed. Cactus ransomware encrypts itself to avoid being detected by antivirus apps.
As Bleeping Computer mentions in a report, Cactus has been active since at least March 2023. The objective of the operation, as usual, is to infect computers and extort ransom from the owners. The malware targets large companies, as they often work with important data and are often willing to pay larger sums of money. It is unclear how high the ransom demanded is. The attackers may offer their victims individual “deals” that can run into the millions.
The vulnerability was exploited in Fortinet products
What is special about the Cactus malware is that the program uses several tricks to bypass security measures. Initial access is gained by exploiting known vulnerabilities in Fortinet VPN solutions. The hackers access the network via a VPN server and then run a batch script to download the actual ransomware. The malicious code is transmitted in a ZIP file and extracted after the download.
In order to launch the application and encrypt files on the infected system, the hackers have to enter a unique key in the command line. The key is used to decrypt the configuration file and the RSA public key is used to encrypt the files. During the download, Cactus is only available in encrypted form so access cannot be prevented by protection systems. Before encryption, the files are transferred to the attackers’ servers.
Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.