
New Cactus Ransomware Encrypts Itself To Avoid Detection By Security Software

The new Cactus ransomware variant encrypts itself to avoid detection by security software.

Kroll LLC saw the malware in use in March, with attackers using Fortinet Inc. VPN appliances to gain access to major organizations before exploiting them and stealing data.

Cactus Ransomware Explained

Cactus follows the regular ransomware steps, spreading through a targeted network and stealing and encrypting files as it goes, but its obfuscation technique is what makes it intriguing compared with other forms of ransomware.

A statement reported on Sunday shows that Cactus uses encryption to shield the ransomware binary. The group behind Cactus uses a batch script to deliver the encryptor binary using 7-Zip, to evade detection by antivirus and other security tools.

The original ZIP archive is then extracted and the binary is deployed with a specific flag that allows it to execute. Cactus's attempts to operate undetected do not stop there.

Cactus also deploys a batch script that removes the most commonly used antivirus products. Although the group steals data from its targets, moving it using the Rclone tool, it appears Cactus has not set up a leak site.
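The behaviours described above (script-driven 7-Zip extraction, antivirus removal by batch script, Rclone transfers) can be correlated per host in process-creation logs; the following is an added detection example, not code from Kroll or from the original article. It assumes the archive is password-protected and extracted with 7-Zip's `-p` switch and that products are removed with `msiexec /x`; the rule names, window, hosts, paths, password and product code are constructed placeholders.

```python
import re
from collections import defaultdict

# Command-line patterns for the three behaviours the article names. The
# patterns, parent check and window are assumptions chosen for illustration.
RULES = {
    "7zip_password_extract": r"\b7z[ar]?(\.exe)?\"?\s+[ex]\s.*(?<!\S)-p\S+",
    "installer_uninstall": r"\bmsiexec(\.exe)?\"?\s.*(?<!\S)/(x|uninstall)\b",
    "rclone_transfer": r"\brclone(\.exe)?\"?\s+(copy|sync|move)\b",
}
SCRIPT_PARENTS = {"cmd.exe"}  # batch files run under cmd.exe
WINDOW = 3600                 # correlation window in seconds

def classify(parent, cmdline):
    """Return the behaviour label for one process-creation event, or None."""
    for label, pattern in RULES.items():
        if not re.search(pattern, cmdline, re.I):
            continue
        # The 7-Zip and uninstall steps only count when a script launched them.
        if label == "rclone_transfer" or parent.lower() in SCRIPT_PARENTS:
            return label
    return None

def correlate(events, min_behaviours=2):
    """Map host -> sorted labels when enough distinct ones fall inside WINDOW."""
    hits = defaultdict(list)
    for host, ts, parent, cmdline in sorted(events, key=lambda e: e[1]):
        label = classify(parent, cmdline)
        if label:
            hits[host].append((ts, label))
    alerts = {}
    for host, seen in hits.items():
        for start, _ in seen:
            labels = {l for t, l in seen if start <= t <= start + WINDOW}
            if len(labels) >= min_behaviours:
                alerts[host] = sorted(labels)
                break
    return alerts

# Constructed sample events: (host, epoch seconds, parent image, command line).
SAMPLE = [
    ("srv01", 100, "cmd.exe", r"7z.exe x C:\Temp\a.7z -pEXAMPLE -oC:\Temp"),
    ("srv01", 400, "cmd.exe", "msiexec.exe /x {PRODUCT-GUID} /qn"),
    ("srv01", 2000, "powershell.exe", r"rclone.exe copy D:\Shares remote:x"),
    ("ws07", 50, "explorer.exe", r"7z.exe a backup.7z C:\Data"),
    ("ws07", 90, "cmd.exe", "msiexec.exe /x {PRODUCT-GUID} /qn"),
    ("srv02", 0, "cmd.exe", r"7z.exe x tools.7z -pEXAMPLE"),
    ("srv02", 10000, "cmd.exe", r"rclone.exe sync E:\Data remote:x"),
]
```

Calling `correlate(SAMPLE)` flags only `srv01`: a single uninstall on `ws07` and two behaviours on `srv02` that fall outside the window do not alert, which keeps routine administrative activity from triggering on its own.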

Cactus Revealed A New Ransomware World

Ransomware operators normally direct victims to a leak site for more news, whereas the ransom note from Cactus asks targets to contact the group by email or a backup chat service to retrieve their files and prevent public disclosure.

Steve Hahn says this is yet another way for ransomware to thoroughly evade the target's security tools, such as antivirus and security detection and response, and indicated just how easy it is for the threat actors to kick off a ransomware attack.

Every year, ransomware ultimately takes down thousands of businesses. In each instance, companies set up preventive measures to curb the spread of malware. They also had guarantees that these measures were the best.
