Cactus

Malware updated 4 days ago (2024-11-29T13:41:59.921Z)
Cactus is a type of malware, specifically ransomware, known for its malicious activities including data theft and system disruption. This malware has been linked to several high-profile attacks, spreading primarily through malvertising campaigns that leverage the DanaBot Trojan. Notably, the Cactus ransomware gang claimed responsibility for a massive data breach at Schneider Electric, an energy management and industrial automation firm, alleging the theft of 1.5TB of data. The group also targeted the Swedish retail and grocery provider Coop, causing significant disruptions. In 2023, OmniVision, a leading developer of advanced digital imaging solutions, disclosed a data breach following a Cactus ransomware attack. The incident was one among many that contributed to Cactus' reputation as a major cybersecurity threat. In another significant event, the Housing Authority of the City of Los Angeles (HACLA) fell victim to a Cactus ransomware attack, with the cybercriminals claiming to have stolen 861GB of data, including personal, financial, and backup information. Despite its destructive capabilities, Cactus was not the most prevalent ransomware in circulation. It came in second place, accounting for 7.74% of ransomware incidents, trailing behind LockBit but ahead of RansomHub, Play, Akira, Hunters, and BlackBasta. These figures underscore the persistent and diverse nature of the ransomware threat landscape, with Cactus representing a significant part of this ongoing challenge.
Description last updated: 2024-11-04T21:02:51.671Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.

Alias | Description | Votes

Nokoyawa is a possible alias for Cactus. Nokoyawa is a prominent malware, specifically ransomware, that has been linked to numerous cybercrime activities since it first emerged in 2022. It has been associated with various other malware families including Quantum, Royal, BlackBasta, and a variety of others such as Emotet, IcedID, CobaltStri
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Schneider
Vpn
Exploit
Ransom
Vulnerability
Extortion
Data Leak
Malware
Rmm
Exploits
Proxy
Malvertising
Lateral Move...
Antivirus
exploitation
Encryption
Trojan
Analyst Notes & Discussion
Associated Malware
Alias | Description | Association Type | Votes

The Lockbit Malware is associated with Cactus. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or
Association type: Unspecified
Votes: 4

The Akira Malware is associated with Cactus. Akira is a potent ransomware that has been active since 2023, known for its aggressive encryption tactics and swift deployment. This malware, which brings a unique '80s aesthetic to the dark web, has quickly risen in prominence within the cybercrime landscape. It has targeted hundreds of victims glo
Association type: Unspecified
Votes: 3

The Blackbasta Malware is associated with Cactus. BlackBasta is a notorious malware group that has emerged as a significant player in the ransomware space. The group has demonstrated an ability to adapt and evolve their tactics, making them a leading entity in the Russian-language ransomware domain. Initially, BlackBasta was observed using a botnet
Association type: Unspecified
Votes: 3

The Black Basta Malware is associated with Cactus. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses
Association type: is related to
Votes: 2

The Clop Malware is associated with Cactus. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitin
Association type: Unspecified
Votes: 2
Associated Threat Actors
Alias | Description | Association Type | Votes

The Alphv Threat Actor is associated with Cactus. Alphv, also known as BlackCat, is a threat actor group that has been linked to numerous cyberattacks, particularly targeting the healthcare sector. The group made headlines when it stole 5TB of data from Morrison Community Hospital, causing significant disruption and raising concerns about patient p
Association type: is related to
Votes: 3
Source Document References
Information about the Cactus Malware was read from the documents corpus below. This display is limited to 20 results.

Source | Created At

- DARKReading, a month ago
- Checkpoint, a month ago
- Securelist, 3 months ago
- InfoSecurity-magazine, 3 months ago
- Securityaffairs, 4 months ago
- Securityaffairs, 4 months ago
- Securityaffairs, 4 months ago
- Securityaffairs, 4 months ago
- Securityaffairs, 5 months ago
- Securityaffairs, 5 months ago
- Securityaffairs, 5 months ago
- Securityaffairs, 5 months ago
- Securityaffairs, 6 months ago
- Checkpoint, 6 months ago
- Securityaffairs, 6 months ago
- Securityaffairs, 6 months ago
- Securityaffairs, 7 months ago
- Securityaffairs, 7 months ago
- DARKReading, 7 months ago
- Securityaffairs, 8 months ago