Cactus Ransomware: Its advanced techniques scare experts

A ransomware known by the name of Cactus is worrying researchers working in cybersecurity.

The malicious agent in question, active since March this year, has not only registered a high number of infections but has also stood out for the advanced techniques that it uses during its activities.

Compared to other similar ransomware, and to make the work of security experts even more difficult, this one tends to continuously change the extensions of the files it encrypts. Cactus also splits encrypted files into micro-buffers, making their management even faster.

The strategy implemented by this malware exploits advanced tactics, techniques and procedures (TTPs), capable of causing great difficulty for detection tools and for the personnel involved in defending devices. The ransomware in question appears to be so refined that it “self-encrypts”, making it even more difficult to detect. According to a report by Logpoint, Cactus manages to manipulate and create new alert rules, all to exponentially increase the level of obfuscation.

Cactus is ransomware that “self-encrypts” to avoid detection

Since its appearance, this threat has firmly established itself among the 10 most widespread ransomware in the world. Furthermore, according to data provided by NCC, the month of November saw Cactus occupy the seventh position in this ranking.

Once the device is infected, the malware uses software such as Splashtop or AnyDesk to interact with the affected system, as well as additional tools, such as Chisel, to create a proxy among infected hosts.
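As an added example (not from the article or the Logpoint report), the sketch below triages process-creation events for the tools named above. Because Splashtop and AnyDesk are also legitimate software, it rates a host by whether a remote-access tool and Chisel appear together. The log format, host names, approved-host list and 24-hour window are assumptions, and the events are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Tool names come from the article. Matching on the executable's file name is
# an assumption of this sketch and will miss renamed binaries.
REMOTE_ACCESS = ("splashtop", "anydesk")
TUNNELER = ("chisel",)
WINDOW = timedelta(hours=24)         # assumed correlation window
APPROVED_RA_HOSTS = {"HELPDESK-01"}  # constructed list of sanctioned hosts

# Constructed process-creation events (one JSON object per line).
SAMPLE_LOG = r"""
{"ts": "2024-01-10T09:00:00", "host": "HELPDESK-01", "image": "C:\\Program Files\\AnyDesk\\AnyDesk.exe"}
{"ts": "2024-01-10T22:14:00", "host": "FIN-WS-07", "image": "C:\\Users\\Public\\AnyDesk.exe"}
{"ts": "2024-01-10T22:40:00", "host": "FIN-WS-07", "image": "C:\\Users\\Public\\chisel.exe"}
{"ts": "2024-01-11T03:05:00", "host": "DEV-LT-03", "image": "C:\\Temp\\chisel.exe"}
{"ts": "2024-01-11T08:30:00", "host": "HR-WS-02", "image": "C:\\Users\\hr\\Downloads\\SplashtopStreamer.exe"}
{"ts": "2024-01-11T08:31:00", "host": "HR-WS-02", "image": "C:\\Windows\\System32\\notepad.exe"}
"""

def classify(image):
    """Map an image path to a tool class, or None if it is not of interest."""
    name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if any(t in name for t in REMOTE_ACCESS):
        return "remote_access"
    if any(t in name for t in TUNNELER):
        return "tunneler"
    return None

def triage(log_text):
    """Return {host: severity} for hosts that ran the tools named above."""
    seen = defaultdict(lambda: defaultdict(list))  # host -> class -> timestamps
    for line in filter(str.strip, log_text.splitlines()):
        ev = json.loads(line)
        kind = classify(ev["image"])
        if kind:
            seen[ev["host"]][kind].append(datetime.fromisoformat(ev["ts"]))
    findings = {}
    for host, kinds in seen.items():
        ra, tun = kinds["remote_access"], kinds["tunneler"]
        if any(abs(a - b) <= WINDOW for a in ra for b in tun):
            findings[host] = "high"    # remote access and tunneler together
        elif tun:
            findings[host] = "medium"  # tunneler with no remote-access tool nearby
        elif host not in APPROVED_RA_HOSTS:
            findings[host] = "low"     # remote-access tool on an unsanctioned host
    return findings
```

Calling `triage(SAMPLE_LOG)` rates the host with both tool classes highest and leaves the sanctioned help-desk host out of the findings.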

To avoid the damage caused by Cactus, as well as by many other similar ransomware, experts recommend some habits for maintaining correct “IT hygiene”. Adopting an antivirus preventively, as well as avoiding the download of suspicious email attachments, can be practices that dramatically reduce potential risks.
