The Stealthy CACTUS Ransomware Menace: Exploiting VPN Appliance Flaws and Targeting Large Corporations

Ransomware is a growing concern for companies of all sizes, and cybersecurity researchers have recently shed light on a new strain called CACTUS. This ransomware has been targeting large commercial entities since March 2021, and it has been observed to leverage known flaws in VPN appliances to gain initial access to targeted networks. Once inside, it employs double extortion tactics to steal sensitive data and demands payment in exchange for a decryption key.

Exploitation of vulnerable VPN devices sets the stage

CACTUS begins its attack by exploiting known vulnerabilities in VPN devices to set up an SSH backdoor. Once this initial access is established, the attacker executes a series of PowerShell commands to conduct network scanning and identify a list of machines to encrypt. These commands also allow the attacker to maintain persistent access to the network, making it more difficult for the victim to detect and remove the ransomware.

Using sophisticated tools for command and control

CACTUS also utilizes sophisticated tools for command and control, including the popular penetration testing framework Cobalt Strike and a tunneling tool referred to as Chisel. The ransomware authors also make use of Remote Monitoring and Management (RMM) software like AnyDesk, allowing them to remotely control the infected machines and monitor their progress.

A unique batch script evades detection

One unique aspect of CACTUS is the use of a batch script to extract the ransomware binary with 7-Zip. This process makes it harder to detect as the ransomware essentially encrypts itself, removing the .7z archive before executing the payload. This technique allows CACTUS to evade antivirus and network monitoring tools, making it more challenging for defenders to detect and remove.

Insights from cybersecurity experts

Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, commented on the unique features of CACTUS. She notes that the ransomware’s ability to encrypt itself makes it more challenging to detect, and that this demonstrates the importance of continual adaptation by cybersecurity professionals to keep up with evolving threats.

Comparison to other ransomware families

The emergence of CACTUS comes just days after Trend Micro shed light on another type of ransomware known as Rapture. This new ransomware shares some similarities with other families, such as Paradise. The use of vulnerable public-facing websites and servers is a common tactic for ransomware authors looking to gain access to corporate networks. This makes it essential for organizations to keep their systems up-to-date and enforce the principle of least privilege (PoLP).

The rising trend of new ransomware families

CACTUS and Rapture are the latest additions to a long list of new ransomware families that have come to light in recent weeks. Other examples include Gazprom, BlackBit, UNIZA, Akira, and a NoCry ransomware variant called Kadavro Vector. This trend demonstrates the continued evolution of ransomware as a significant threat to organizations worldwide.

The emergence of CACTUS and other new ransomware families highlights the critical need for organizations to stay vigilant and proactive in their approach to cybersecurity. Companies must prioritize continuous monitoring of their systems, implement regular patching and updates, and enforce the Principle of Least Privilege (PoLP) to limit the impact of ransomware attacks. As ransomware authors continue to develop new tactics and tools, it is essential for defenders to remain one step ahead and continuously adapt their strategies to keep pace with evolving threats.

Explore more

Ethereum’s Fragile Recovery Faces Resistance and Low Demand

The Ethereum ecosystem is currently navigating a treacherous landscape where price action struggles to align with the technical milestones achieved during the most recent network upgrades. While the shift to a more scalable architecture was intended to invite a surge of institutional and retail capital, the reality in 2026 shows a market plagued by indecision and a noticeable lack of

macOS 28 Drops Support for Encrypted Mac OS Extended Volumes

The landscape of digital storage has shifted dramatically over the past decade, leaving legacy file systems struggling to keep pace with the rigorous security demands of modern computing environments. With the release of macOS 28, the long-standing compatibility for encrypted Mac OS Extended (HFS+) volumes has officially reached its end of life, signaling a definitive transition toward the more robust

CapCut Named 2026 Leader in AI Social Media Content Creation

The rapid evolution of generative artificial intelligence has fundamentally altered the digital landscape, shifting the burden of high-quality video production from specialized studios to the palm of every creator’s hand across the globe. By mid-2026, the demand for short-form content reached an all-time high, necessitating tools that could keep pace with the volatile trends of social media algorithms. CapCut emerged

How Will AI and RPA Shape Desktop Automation in 2026?

The integration of cognitive computing with traditional robotic process automation has fundamentally altered the way desktop environments operate across global industries today. No longer confined to the rigid, rule-based scripts of previous cycles, modern automation tools now serve as dynamic, goal-oriented assistants capable of navigating the intricacies of fragmented software landscapes. This shift has allowed organizations to bridge the significant

UiPath Navigates AI Pivot Amid Market Skepticism

The transition from legacy robotic process automation to a sophisticated, agent-centric architecture has forced enterprise software giants to fundamentally rethink their value propositions in an era defined by autonomous reasoning. This paradigm shift represents more than a mere software update; it is a complete structural overhaul that seeks to bridge the gap between simple task execution and complex cognitive decision-making.