Introduction
Virtual private networks, more commonly known as VPNs, have long been touted as a more secure way to browse the Internet. They allow you to access the internet securely and anonymously, making it difficult for anyone to track your online activity. VPNs can also be used to bypass geo-restrictions and ISPs, allowing you to access content that may otherwise be blocked in your location. Some are paid, some are free; they all help you enjoy a secure and private browsing experience while protecting yourself from cyber threats.
How does it work? Basically, the VPN service creates an encrypted connection between your computer and the internet, allowing you to access websites, applications, and services without anyone else being able to monitor your activity.
Sounds great…but every software has its vulnerability. One malicious program is finding one in common VPNs.
CACTUS Ransomware
Circa March 2023, organizations began reporting odd behavior that was later uncovered to be CACTUS. This ransomware group as certainly entered center stage with a bang.
By compromising the VPN service directly, CACTUS can target specific networks. Since companies use VPNs to protect the transit and communication of their most private information, this nets the group serious leverage. They’re able to remotely monitor their target’s system and escalate their own privileges to carry out the attack.
Just like your VPN, CACTUS is encrypted. That makes it much harder for your antivirus and other continuous monitoring software to recognize it for what it is. This is one instance where you want your security team to pay attention themselves!
What Happens to Victims?
Quite typically for a ransomware group, the threat group behind CACTUS also employs double extortion techniques on their victims. So even if you pay the exorbitant ransom they charge, and even if they really do decrypt your information and give it back, they will then demand a second payment to stop them from publishing or selling copies of your private files.
Typically, ransomware groups don’t give your data back even if you pay! In fact, they run off with your money AND data over 90% of the time!
Much better, then, is to follow your company’s usual incident response plan when it comes to ransomware. Immediately report it to your IT team so they can enact next steps ASAP.
Conclusion
Ransomware has been one of the top threats to businesses of ALL sizes for years now. CACTUS is simply one example of why that trend doesn’t seem to be going away; if anything, it shows how threat actors continue to evolve trying to dart past our best defenses.
We need to be prepared for the worst! The cyber-threat landscape is getting savvier with every new defense mechanism we invent. Thus it’s critical to stay abreast of new threats so you can recognize the signs and defend your systems appropriately. CACTUS is only the latest ransomware threat to businesses today.
References
- https://thehackernews.com/2023/05/new-ransomware-strain-cactus-exploits.html
- https://www.csoonline.com/article/3695948/new-ransomware-group-cactus-abuses-remote-management-tools-for-persistence.html
- https://www.bleepingcomputer.com/news/security/new-cactus-ransomware-encrypts-itself-to-evade-antivirus/
