Cactus

Malware updated 14 days ago (2024-10-17T12:03:10.708Z)
Cactus is malicious software (malware) known for its destructive capabilities, particularly in the form of ransomware attacks. It primarily infiltrates systems through suspicious downloads, emails, or websites and can cause severe damage by stealing personal information, disrupting operations, or holding data hostage for ransom. Notably, Cactus has been distributed via malvertising attacks that leverage the DanaBot Trojan, demonstrating its sophisticated propagation mechanisms.

In 2023, Cactus made headlines with several high-profile attacks on major corporations. One significant breach occurred at OmniVision, a leading developer of advanced digital imaging solutions. Following a Cactus ransomware attack, OmniVision was forced to disclose a substantial data breach, underscoring the malware's ability to penetrate robust corporate security measures. In another instance, the Cactus ransomware gang claimed responsibility for an attack on Schneider Electric, a global specialist in energy management and automation, resulting in the theft of 1.5TB of data. The Swedish retail and grocery provider Coop also fell victim to a Cactus ransomware attack, further illustrating the malware's widespread impact.

Despite its potency, Cactus was not the most prevalent ransomware as of the provided data. It came second, accounting for 7.74% of ransomware incidents, trailing behind LockBit but surpassing others such as Play, RansomHub, Akira, Hunters, and BlackBasta. These statistics highlight the diverse and competitive landscape of ransomware threats, with Cactus emerging as a significant player. As such, organizations are urged to bolster their cybersecurity measures to protect against this potent threat.
Description last updated: 2024-10-17T11:44:42.013Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias: Nokoyawa
Description: Nokoyawa is a possible alias for Cactus. Nokoyawa is a prominent malware, specifically ransomware, that has been linked to numerous cybercrime activities since it first emerged in 2022. It has been associated with various other malware families including Quantum, Royal, BlackBasta, and a variety of others such as Emotet, IcedID, CobaltStri
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Schneider
Vpn
Exploit
Ransom
Vulnerability
Extortion
Data Leak
Malware
Rmm
Clop
Exploits
Proxy
Malvertising
Lateral Move...
Antivirus
exploitation
Encryption
Trojan
Associated Malware
Alias: LockBit
Description: The LockBit Malware is associated with Cactus. LockBit is a type of malware, specifically a ransomware, that infiltrates systems to exploit and damage them. It's known for its disruptive activities such as stealing personal information or holding data hostage for ransom. The LockBit ransomware gang has claimed responsibility for several high-pro
Association Type: Unspecified
Votes: 4

Alias: Akira
Description: The Akira Malware is associated with Cactus. Akira is a form of malware, specifically ransomware, that has been involved in a significant number of cyber attacks since its first appearance. It has been particularly active since August 2024, when it was observed by Arctic Wolf Labs to be used in conjunction with another ransomware called Fog. T
Association Type: Unspecified
Votes: 3

Alias: BlackBasta
Description: The BlackBasta Malware is associated with Cactus. BlackBasta is a notorious malware, particularly known for its ransomware attacks. The group behind it has been linked with other harmful software such as IcedID, NetSupport, Gozi, PikaBot, Pushdo, Quantum, Royal, and Nokoyawa. Artifacts and indicators of compromise (IoCs) suggest a possible relation
Association Type: Unspecified
Votes: 3

Alias: Black Basta
Description: The Black Basta Malware is associated with Cactus. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses
Association Type: is related to
Votes: 2
Associated Threat Actors
Alias: Alphv
Description: The Alphv Threat Actor is associated with Cactus. Alphv, a threat actor also known as BlackCat, has been identified as a significant player in the cybercrime landscape. The group is responsible for numerous high-profile ransomware attacks, including a major breach of the Morrison Community Hospital, where they pilfered 5TB of data. Additionally, Al
Association Type: is related to
Votes: 3
Source Document References
Information about the Cactus Malware was read from the documents corpus below. This display is limited to 20 results.
Source (Created At):
- Securelist (2 months ago)
- InfoSecurity-magazine (2 months ago)
- Securityaffairs (3 months ago)
- Securityaffairs (3 months ago)
- Securityaffairs (3 months ago)
- Securityaffairs (3 months ago)
- Securityaffairs (4 months ago)
- Securityaffairs (4 months ago)
- Securityaffairs (4 months ago)
- Securityaffairs (4 months ago)
- Securityaffairs (4 months ago)
- Checkpoint (5 months ago)
- Securityaffairs (5 months ago)
- Securityaffairs (5 months ago)
- Securityaffairs (6 months ago)
- Securityaffairs (6 months ago)
- DARKReading (6 months ago)
- Securityaffairs (7 months ago)
- Securityaffairs (7 months ago)
- Securityaffairs (7 months ago)